
\\.\globalroot\systemroot\svchost.exe


9 replies to this topic

#1 gogoikuzo


Posted 26 January 2012 - 06:13 AM

My computer has been infected by a trojan.
I've used Rkill to stop the process; it shows up as \\.\globalroot\systemroot\svchost.exe.
Every time I attempt to clean it up with MBAM, it pops right back up.
I can only address the issue in Safe Mode; spending more than two minutes in normal mode leads to a fake blue screen. I really need help.



This is the Rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/26/2012 at 3:21:31.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

\\.\globalroot\systemroot\svchost.exe

Rkill completed on 01/26/2012 at 3:21:44.



and this is the mbam log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Nantah :: NANTAH-VAIO [administrator]

1/26/2012 3:27:18 AM
mbam-log-2012-01-26 (03-27-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373127
Time elapsed: 1 hour(s), 41 minute(s), 56 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1724 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Edited by hamluis, 26 January 2012 - 12:27 PM.
Moved from Win 7 to Am I Infected.
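\\.\GLOBALROOT\SystemRoot is the kernel object-manager alias for the Windows directory, so the process Rkill named above is the same file MBAM detected, C:\Windows\svchost.exe. A genuine svchost.exe runs only from %SystemRoot%\System32 (and %SystemRoot%\SysWOW64 on x64), is started by services.exe, and always carries a -k <group> argument. The following PowerShell is an added example, not code from the thread or from any of the tools mentioned in it: it lists every running svchost.exe and flags any whose on-disk path is not one of those two locations, alongside its parent PID, command line and Authenticode status.

```powershell
# Added example (not from the thread). Run from an elevated prompt on
# Windows 7 / PowerShell 2.0 or later; without elevation Win32_Process
# returns no ExecutablePath for SYSTEM-owned processes and they all get flagged.

$legit = @("$env:SystemRoot\System32\svchost.exe",
           "$env:SystemRoot\SysWOW64\svchost.exe")   # SysWOW64 exists on x64 only

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath
    # -contains compares strings case-insensitively, so C:\WINDOWS\system32\... still matches
    $suspect = ($path -eq $null) -or -not ($legit -contains $path)
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    New-Object PSObject -Property @{
        PID       = $_.ProcessId
        ParentPID = $_.ParentProcessId   # genuine instances are children of services.exe
        Suspect   = $suspect
        Signature = $sig
        Path      = $path
        Cmdline   = $_.CommandLine       # genuine instances always include "-k <group>"
    }
} | Sort-Object Suspect -Descending | Format-Table PID, ParentPID, Suspect, Signature, Path, Cmdline -AutoSize

# The dropped file itself, if MBAM's "Delete on reboot" has not removed it yet:
if (Test-Path "$env:SystemRoot\svchost.exe") {
    Get-Item "$env:SystemRoot\svchost.exe" | Select-Object FullName, Length, CreationTime, LastWriteTime
}
```

The path check is the reliable signal here. On Windows 7 the genuine System32 copy is catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature may report NotSigned for it on that platform; treat the Signature column as supplementary, and treat any svchost.exe outside the two legitimate paths, or one with no -k argument or a parent other than services.exe, as the process to investigate.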



#2 boopme

  • Global Moderator

Posted 26 January 2012 - 05:11 PM

Hello, it looks like we need to also run these:

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When that is done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
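The TDSSKiller report requested above prints, for each driver or service, one line with the file's MD5 and path and a second line with its verdict (`- ok` when nothing was found), preceded by a header that names the Windows directory. The following Python is an added example, not part of the thread and not part of TDSSKiller: it parses that format and lists the entries worth a second look, namely a verdict other than ok, a service for which no file line was printed, and a driver loading from outside the Windows directory. The sample log is constructed from lines in this thread plus two invented `fakedrv` lines whose hash, path and status are placeholders.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format TDSSKiller prints. The header line and the
# 1394ohci / SASDIFSV / speedfan lines are copied from the log posted in this
# thread; the two "fakedrv" lines are invented here (hash, path and status are
# placeholders) only to show how a non-"ok" status is surfaced.
SAMPLE_LOG = """\
04:55:36.0442 1700 Windows directory: C:\\Windows
04:55:36.0442 1700 System windows directory: C:\\Windows
04:56:53.0662 1664 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
04:56:53.0662 1664 1394ohci - ok
04:57:11.0571 1664 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV64.SYS
04:57:11.0571 1664 SASDIFSV - ok
04:57:12.0772 1664 speedfan - ok
04:57:13.0000 1664 fakedrv (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\fakedrv.sys
04:57:13.0000 1664 fakedrv - detected (constructed example status)
"""

# Every scan line starts with "HH:MM:SS.mmmm <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
WINDIR_RE = re.compile(_PREFIX + r"Windows directory:\s+(?P<dir>.+?)\s*$")
# "<name> (<md5>) <path>": the driver's file, hash and location.
FILE_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "<name> - <status>": the verdict, "ok" when nothing was found.
STATUS_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")


def parse_tdsskiller_log(text: str) -> Tuple[Optional[str], Dict[str, dict]]:
    """Return (windows_dir, {service_name: {"md5", "path", "status"}})."""
    windir: Optional[str] = None
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = WINDIR_RE.match(line)
        if m:
            windir = m.group("dir")
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            e["md5"], e["path"] = m.group("md5").lower(), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            e["status"] = m.group("status")
    return windir, entries


def triage(text: str) -> List[str]:
    """Flag entries worth a second look: a verdict other than ok, no file
    line at all, or a driver loading from outside the Windows directory."""
    windir, entries = parse_tdsskiller_log(text)
    win_prefix = (windir.rstrip("\\") + "\\").lower() if windir else None
    findings: List[str] = []
    for name, e in sorted(entries.items()):
        if e["status"] is None or e["status"].lower() != "ok":
            findings.append(f"{name}: status '{e['status']}'")
        if e["path"] is None:
            findings.append(f"{name}: no file/hash line (file missing or unreadable)")
        elif win_prefix and not e["path"].lower().startswith(win_prefix):
            findings.append(f"{name}: driver outside {windir}: {e['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Point the script at the real TDSSKiller.Version_Date_Time_log.txt with `triage(open(path, encoding="utf-8", errors="replace").read())`. A driver under Program Files is not a verdict on its own; security products such as SUPERAntiSpyware legitimately load from there, so that finding is a prompt to check the vendor and signature, while a non-ok status or a service with no file behind it is what the helper will want to see quoted back.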

#3 gogoikuzo


Posted 27 January 2012 - 06:50 AM

I ran TDSSKiller and this is what I got; I had to reboot to finish cleaning.

04:55:36.0302 1700 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
04:55:36.0442 1700 ============================================================
04:55:36.0442 1700 Current date / time: 2012/01/27 04:55:36.0442
04:55:36.0442 1700 SystemInfo:
04:55:36.0442 1700
04:55:36.0442 1700 OS Version: 6.1.7601 ServicePack: 1.0
04:55:36.0442 1700 Product type: Workstation
04:55:36.0442 1700 ComputerName: NANTAH-VAIO
04:55:36.0442 1700 UserName: Nantah
04:55:36.0442 1700 Windows directory: C:\Windows
04:55:36.0442 1700 System windows directory: C:\Windows
04:55:36.0442 1700 Running under WOW64
04:55:36.0442 1700 Processor architecture: Intel x64
04:55:36.0442 1700 Number of processors: 2
04:55:36.0442 1700 Page size: 0x1000
04:55:36.0442 1700 Boot type: Safe boot with network
04:55:36.0442 1700 ============================================================
04:55:37.0768 1700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:55:37.0768 1700 Drive \Device\Harddisk1\DR2 - Size: 0x73C00000 (1.81 Gb), SectorSize: 0x200, Cylinders: 0xEC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:55:37.0815 1700 Initialize success
04:56:53.0100 1664 ============================================================
04:56:53.0100 1664 Scan started
04:56:53.0100 1664 Mode: Manual;
04:56:53.0100 1664 ============================================================
04:56:53.0662 1664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:56:53.0662 1664 1394ohci - ok
04:56:53.0740 1664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:56:53.0756 1664 ACPI - ok
04:56:53.0880 1664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:56:53.0880 1664 AcpiPmi - ok
04:56:53.0974 1664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
04:56:53.0990 1664 adp94xx - ok
04:56:54.0114 1664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
04:56:54.0114 1664 adpahci - ok
04:56:54.0177 1664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
04:56:54.0177 1664 adpu320 - ok
04:56:54.0302 1664 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
04:56:54.0302 1664 AFD - ok
04:56:54.0364 1664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:56:54.0380 1664 agp440 - ok
04:56:54.0536 1664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:56:54.0536 1664 aliide - ok
04:56:54.0660 1664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:56:54.0660 1664 amdide - ok
04:56:54.0738 1664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
04:56:54.0738 1664 AmdK8 - ok
04:56:54.0957 1664 amdkmdag (d1d06810bf7e21f5763eb06cb7e7262b) C:\Windows\system32\DRIVERS\atipmdag.sys
04:56:55.0082 1664 amdkmdag - ok
04:56:55.0206 1664 amdkmdap (6ba71d6616b56816e57394d77dd1bb6f) C:\Windows\system32\DRIVERS\atikmpag.sys
04:56:55.0206 1664 amdkmdap - ok
04:56:55.0300 1664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
04:56:55.0300 1664 AmdPPM - ok
04:56:55.0362 1664 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\drivers\amdsata.sys
04:56:55.0362 1664 amdsata - ok
04:56:55.0472 1664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
04:56:55.0472 1664 amdsbs - ok
04:56:55.0550 1664 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\drivers\amdxata.sys
04:56:55.0550 1664 amdxata - ok
04:56:55.0674 1664 ApfiltrService (2672a9dbaa6a8deea7ec8c7892e32a03) C:\Windows\system32\DRIVERS\Apfiltr.sys
04:56:55.0674 1664 ApfiltrService - ok
04:56:55.0815 1664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:56:55.0815 1664 AppID - ok
04:56:55.0971 1664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
04:56:55.0971 1664 arc - ok
04:56:56.0018 1664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
04:56:56.0018 1664 arcsas - ok
04:56:56.0127 1664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:56:56.0127 1664 AsyncMac - ok
04:56:56.0220 1664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:56:56.0220 1664 atapi - ok
04:56:56.0532 1664 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
04:56:56.0579 1664 athr - ok
04:56:56.0704 1664 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\drivers\AtiPcie.sys
04:56:56.0704 1664 AtiPcie - ok
04:56:56.0860 1664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
04:56:56.0876 1664 b06bdrv - ok
04:56:57.0000 1664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:56:57.0016 1664 b57nd60a - ok
04:56:57.0078 1664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:56:57.0078 1664 Beep - ok
04:56:57.0250 1664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
04:56:57.0250 1664 blbdrive - ok
04:56:57.0406 1664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:56:57.0406 1664 bowser - ok
04:56:57.0468 1664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
04:56:57.0468 1664 BrFiltLo - ok
04:56:57.0500 1664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
04:56:57.0500 1664 BrFiltUp - ok
04:56:57.0546 1664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:56:57.0546 1664 Brserid - ok
04:56:57.0578 1664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:56:57.0593 1664 BrSerWdm - ok
04:56:57.0624 1664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:56:57.0624 1664 BrUsbMdm - ok
04:56:57.0656 1664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:56:57.0671 1664 BrUsbSer - ok
04:56:57.0812 1664 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
04:56:57.0812 1664 BthEnum - ok
04:56:57.0890 1664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
04:56:57.0890 1664 BTHMODEM - ok
04:56:57.0999 1664 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
04:56:58.0014 1664 BthPan - ok
04:56:58.0092 1664 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
04:56:58.0108 1664 BTHPORT - ok
04:56:58.0217 1664 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
04:56:58.0217 1664 BTHUSB - ok
04:56:58.0280 1664 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
04:56:58.0280 1664 btwavdt - ok
04:56:58.0404 1664 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\drivers\btwrchid.sys
04:56:58.0404 1664 btwrchid - ok
04:56:58.0451 1664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:56:58.0451 1664 cdfs - ok
04:56:58.0576 1664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:56:58.0576 1664 cdrom - ok
04:56:58.0654 1664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
04:56:58.0654 1664 circlass - ok
04:56:58.0763 1664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:56:58.0763 1664 CLFS - ok
04:56:58.0904 1664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
04:56:58.0904 1664 CmBatt - ok
04:56:58.0966 1664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:56:58.0966 1664 cmdide - ok
04:56:59.0013 1664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:56:59.0013 1664 CNG - ok
04:56:59.0091 1664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
04:56:59.0091 1664 Compbatt - ok
04:56:59.0216 1664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:56:59.0216 1664 CompositeBus - ok
04:56:59.0262 1664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
04:56:59.0262 1664 crcdisk - ok
04:56:59.0403 1664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:56:59.0418 1664 DfsC - ok
04:56:59.0465 1664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:56:59.0465 1664 discache - ok
04:56:59.0590 1664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
04:56:59.0590 1664 Disk - ok
04:56:59.0715 1664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:56:59.0715 1664 drmkaud - ok
04:56:59.0855 1664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:56:59.0871 1664 DXGKrnl - ok
04:57:00.0027 1664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
04:57:00.0105 1664 ebdrv - ok
04:57:00.0245 1664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
04:57:00.0261 1664 elxstor - ok
04:57:00.0339 1664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:57:00.0339 1664 ErrDev - ok
04:57:00.0433 1664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:57:00.0433 1664 exfat - ok
04:57:00.0479 1664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:57:00.0479 1664 fastfat - ok
04:57:00.0604 1664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
04:57:00.0604 1664 fdc - ok
04:57:00.0682 1664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:57:00.0682 1664 FileInfo - ok
04:57:00.0729 1664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:57:00.0729 1664 Filetrace - ok
04:57:00.0854 1664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
04:57:00.0854 1664 flpydisk - ok
04:57:00.0932 1664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:57:00.0932 1664 FltMgr - ok
04:57:00.0994 1664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:57:01.0010 1664 FsDepends - ok
04:57:01.0025 1664 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:57:01.0025 1664 Fs_Rec - ok
04:57:01.0181 1664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:57:01.0181 1664 fvevol - ok
04:57:01.0228 1664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
04:57:01.0244 1664 gagp30kx - ok
04:57:01.0322 1664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:57:01.0322 1664 GEARAspiWDM - ok
04:57:01.0493 1664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:57:01.0493 1664 hcw85cir - ok
04:57:01.0587 1664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:57:01.0665 1664 HdAudAddService - ok
04:57:01.0712 1664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:57:01.0727 1664 HDAudBus - ok
04:57:01.0759 1664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
04:57:01.0759 1664 HidBatt - ok
04:57:01.0805 1664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
04:57:01.0821 1664 HidBth - ok
04:57:01.0868 1664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
04:57:01.0868 1664 HidIr - ok
04:57:01.0977 1664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
04:57:01.0977 1664 HidUsb - ok
04:57:02.0086 1664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:57:02.0086 1664 HpSAMD - ok
04:57:02.0180 1664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:57:02.0180 1664 HTTP - ok
04:57:02.0273 1664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:57:02.0273 1664 hwpolicy - ok
04:57:02.0367 1664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
04:57:02.0367 1664 i8042prt - ok
04:57:02.0507 1664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:57:02.0507 1664 iaStorV - ok
04:57:02.0570 1664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
04:57:02.0585 1664 iirsp - ok
04:57:02.0741 1664 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys
04:57:02.0788 1664 IntcAzAudAddService - ok
04:57:02.0913 1664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:57:02.0913 1664 intelide - ok
04:57:02.0975 1664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
04:57:02.0975 1664 intelppm - ok
04:57:03.0022 1664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:57:03.0022 1664 IpFilterDriver - ok
04:57:03.0085 1664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:57:03.0085 1664 IPMIDRV - ok
04:57:03.0178 1664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:57:03.0194 1664 IPNAT - ok
04:57:03.0319 1664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:57:03.0319 1664 IRENUM - ok
04:57:03.0397 1664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:57:03.0397 1664 isapnp - ok
04:57:03.0459 1664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:57:03.0475 1664 iScsiPrt - ok
04:57:03.0521 1664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:57:03.0521 1664 kbdclass - ok
04:57:03.0631 1664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:57:03.0646 1664 kbdhid - ok
04:57:03.0709 1664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:57:03.0709 1664 KSecDD - ok
04:57:03.0771 1664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:57:03.0787 1664 KSecPkg - ok
04:57:03.0896 1664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:57:03.0896 1664 ksthunk - ok
04:57:04.0067 1664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:57:04.0067 1664 lltdio - ok
04:57:04.0177 1664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
04:57:04.0177 1664 LSI_FC - ok
04:57:04.0223 1664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
04:57:04.0223 1664 LSI_SAS - ok
04:57:04.0255 1664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
04:57:04.0270 1664 LSI_SAS2 - ok
04:57:04.0395 1664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
04:57:04.0395 1664 LSI_SCSI - ok
04:57:04.0520 1664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:57:04.0520 1664 luafv - ok
04:57:04.0660 1664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
04:57:04.0660 1664 megasas - ok
04:57:04.0707 1664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
04:57:04.0723 1664 MegaSR - ok
04:57:04.0816 1664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:57:04.0816 1664 Modem - ok
04:57:04.0957 1664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:57:04.0957 1664 monitor - ok
04:57:05.0097 1664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:57:05.0097 1664 mouclass - ok
04:57:05.0159 1664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:57:05.0159 1664 mouhid - ok
04:57:05.0222 1664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:57:05.0222 1664 mountmgr - ok
04:57:05.0362 1664 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
04:57:05.0378 1664 MpFilter - ok
04:57:05.0425 1664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:57:05.0440 1664 mpio - ok
04:57:05.0518 1664 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:57:05.0518 1664 MpNWMon - ok
04:57:05.0612 1664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:57:05.0612 1664 mpsdrv - ok
04:57:05.0674 1664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:57:05.0674 1664 MRxDAV - ok
04:57:05.0783 1664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:57:05.0783 1664 mrxsmb - ok
04:57:05.0861 1664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:57:05.0861 1664 mrxsmb10 - ok
04:57:05.0924 1664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:57:05.0939 1664 mrxsmb20 - ok
04:57:06.0002 1664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:57:06.0017 1664 msahci - ok
04:57:06.0049 1664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:57:06.0064 1664 msdsm - ok
04:57:06.0142 1664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:57:06.0142 1664 Msfs - ok
04:57:06.0173 1664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:57:06.0173 1664 mshidkmdf - ok
04:57:06.0236 1664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:57:06.0236 1664 msisadrv - ok
04:57:06.0361 1664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:57:06.0361 1664 MSKSSRV - ok
04:57:06.0501 1664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:57:06.0501 1664 MSPCLOCK - ok
04:57:06.0548 1664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:57:06.0563 1664 MSPQM - ok
04:57:06.0626 1664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:57:06.0641 1664 MsRPC - ok
04:57:06.0704 1664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:57:06.0704 1664 mssmbios - ok
04:57:06.0844 1664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:57:06.0844 1664 MSTEE - ok
04:57:06.0907 1664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
04:57:06.0907 1664 MTConfig - ok
04:57:07.0000 1664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:57:07.0000 1664 Mup - ok
04:57:07.0141 1664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:57:07.0141 1664 NativeWifiP - ok
04:57:07.0250 1664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:57:07.0250 1664 NDIS - ok
04:57:07.0375 1664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:57:07.0375 1664 NdisCap - ok
04:57:07.0468 1664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:57:07.0468 1664 NdisTapi - ok
04:57:07.0593 1664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:57:07.0593 1664 Ndisuio - ok
04:57:07.0655 1664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:57:07.0655 1664 NdisWan - ok
04:57:07.0733 1664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:57:07.0733 1664 NDProxy - ok
04:57:07.0843 1664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:57:07.0843 1664 NetBIOS - ok
04:57:07.0889 1664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:57:07.0905 1664 NetBT - ok
04:57:08.0061 1664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
04:57:08.0061 1664 nfrd960 - ok
04:57:08.0108 1664 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:57:08.0123 1664 NisDrv - ok
04:57:08.0233 1664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:57:08.0233 1664 Npfs - ok
04:57:08.0264 1664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:57:08.0264 1664 nsiproxy - ok
04:57:08.0357 1664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:57:08.0389 1664 Ntfs - ok
04:57:08.0498 1664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:57:08.0498 1664 Null - ok
04:57:08.0623 1664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:57:08.0623 1664 nvraid - ok
04:57:08.0685 1664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:57:08.0685 1664 nvstor - ok
04:57:08.0747 1664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:57:08.0747 1664 nv_agp - ok
04:57:08.0872 1664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:57:08.0888 1664 ohci1394 - ok
04:57:08.0981 1664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
04:57:08.0997 1664 Parport - ok
04:57:09.0044 1664 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:57:09.0044 1664 partmgr - ok
04:57:09.0106 1664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:57:09.0106 1664 pci - ok
04:57:09.0137 1664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:57:09.0137 1664 pciide - ok
04:57:09.0200 1664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
04:57:09.0200 1664 pcmcia - ok
04:57:09.0309 1664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:57:09.0309 1664 pcw - ok
04:57:09.0340 1664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:57:09.0356 1664 PEAUTH - ok
04:57:09.0543 1664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:57:09.0543 1664 PptpMiniport - ok
04:57:09.0590 1664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
04:57:09.0590 1664 Processor - ok
04:57:09.0668 1664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:57:09.0668 1664 Psched - ok
04:57:09.0715 1664 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
04:57:09.0715 1664 PxHlpa64 - ok
04:57:09.0777 1664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
04:57:09.0824 1664 ql2300 - ok
04:57:09.0917 1664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
04:57:09.0917 1664 ql40xx - ok
04:57:09.0980 1664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:57:09.0980 1664 QWAVEdrv - ok
04:57:10.0042 1664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:57:10.0042 1664 RasAcd - ok
04:57:10.0136 1664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:57:10.0136 1664 RasAgileVpn - ok
04:57:10.0214 1664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:57:10.0214 1664 Rasl2tp - ok
04:57:10.0307 1664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:57:10.0307 1664 RasPppoe - ok
04:57:10.0339 1664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:57:10.0339 1664 RasSstp - ok
04:57:10.0417 1664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:57:10.0417 1664 rdbss - ok
04:57:10.0541 1664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
04:57:10.0541 1664 rdpbus - ok
04:57:10.0588 1664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:57:10.0588 1664 RDPCDD - ok
04:57:10.0697 1664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:57:10.0697 1664 RDPENCDD - ok
04:57:10.0729 1664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:57:10.0729 1664 RDPREFMP - ok
04:57:10.0791 1664 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:57:10.0791 1664 RDPWD - ok
04:57:10.0853 1664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:57:10.0853 1664 rdyboost - ok
04:57:10.0978 1664 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
04:57:10.0978 1664 RFCOMM - ok
04:57:11.0103 1664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:57:11.0103 1664 rspndr - ok
04:57:11.0228 1664 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys
04:57:11.0228 1664 RSUSBSTOR - ok
04:57:11.0353 1664 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
04:57:11.0353 1664 RTHDMIAzAudService - ok
04:57:11.0477 1664 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:57:11.0477 1664 RTL8167 - ok
04:57:11.0571 1664 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
04:57:11.0571 1664 SASDIFSV - ok
04:57:11.0618 1664 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
04:57:11.0618 1664 SASKUTIL - ok
04:57:11.0743 1664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:57:11.0743 1664 sbp2port - ok
04:57:11.0805 1664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:57:11.0805 1664 scfilter - ok
04:57:11.0930 1664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:57:11.0930 1664 secdrv - ok
04:57:12.0039 1664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
04:57:12.0039 1664 Serenum - ok
04:57:12.0133 1664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
04:57:12.0133 1664 Serial - ok
04:57:12.0195 1664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
04:57:12.0195 1664 sermouse - ok
04:57:12.0304 1664 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
04:57:12.0304 1664 SFEP - ok
04:57:12.0367 1664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:57:12.0367 1664 sffdisk - ok
04:57:12.0429 1664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:57:12.0429 1664 sffp_mmc - ok
04:57:12.0460 1664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:57:12.0460 1664 sffp_sd - ok
04:57:12.0538 1664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
04:57:12.0538 1664 sfloppy - ok
04:57:12.0601 1664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
04:57:12.0601 1664 SiSRaid2 - ok
04:57:12.0647 1664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
04:57:12.0663 1664 SiSRaid4 - ok
04:57:12.0710 1664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:57:12.0710 1664 Smb - ok
04:57:12.0772 1664 speedfan - ok
04:57:12.0881 1664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:57:12.0881 1664 spldr - ok
04:57:13.0100 1664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:57:13.0100 1664 srv - ok
04:57:13.0147 1664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:57:13.0147 1664 srv2 - ok
04:57:13.0178 1664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:57:13.0178 1664 srvnet - ok
04:57:13.0256 1664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
04:57:13.0256 1664 stexstor - ok
04:57:13.0381 1664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:57:13.0381 1664 swenum - ok
04:57:13.0490 1664 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:57:13.0537 1664 Tcpip - ok
04:57:13.0724 1664 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:57:13.0739 1664 TCPIP6 - ok
04:57:13.0817 1664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:57:13.0817 1664 tcpipreg - ok
04:57:13.0880 1664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:57:13.0880 1664 TDPIPE - ok
04:57:13.0895 1664 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:57:13.0895 1664 TDTCP - ok
04:57:13.0958 1664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:57:13.0973 1664 tdx - ok
04:57:14.0036 1664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:57:14.0051 1664 TermDD - ok
04:57:14.0129 1664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:57:14.0129 1664 tssecsrv - ok
04:57:14.0207 1664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:57:14.0207 1664 TsUsbFlt - ok
04:57:14.0285 1664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:57:14.0285 1664 tunnel - ok
04:57:14.0379 1664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
04:57:14.0379 1664 uagp35 - ok
04:57:14.0441 1664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:57:14.0441 1664 udfs - ok
04:57:14.0582 1664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:57:14.0582 1664 uliagpkx - ok
04:57:14.0644 1664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:57:14.0644 1664 umbus - ok
04:57:14.0675 1664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
04:57:14.0675 1664 UmPass - ok
04:57:14.0753 1664 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:57:14.0753 1664 usbccgp - ok
04:57:14.0800 1664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:57:14.0816 1664 usbcir - ok
04:57:14.0847 1664 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:57:14.0847 1664 usbehci - ok
04:57:14.0894 1664 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
04:57:14.0894 1664 usbfilter - ok
04:57:14.0972 1664 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:57:14.0972 1664 usbhub - ok
04:57:15.0034 1664 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
04:57:15.0034 1664 usbohci - ok
04:57:15.0081 1664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:57:15.0081 1664 usbprint - ok
04:57:15.0143 1664 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:57:15.0159 1664 usbscan - ok
04:57:15.0268 1664 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:57:15.0268 1664 USBSTOR - ok
04:57:15.0315 1664 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:57:15.0331 1664 usbuhci - ok
04:57:15.0424 1664 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
04:57:15.0424 1664 usbvideo - ok
04:57:15.0518 1664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:57:15.0518 1664 vdrvroot - ok
04:57:15.0643 1664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:57:15.0643 1664 vga - ok
04:57:15.0689 1664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:57:15.0689 1664 VgaSave - ok
04:57:15.0767 1664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:57:15.0767 1664 vhdmp - ok
04:57:15.0830 1664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:57:15.0830 1664 viaide - ok
04:57:15.0892 1664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:57:15.0892 1664 volmgr - ok
04:57:15.0939 1664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:57:15.0939 1664 volmgrx - ok
04:57:16.0033 1664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:57:16.0048 1664 volsnap - ok
04:57:16.0142 1664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
04:57:16.0142 1664 vsmraid - ok
04:57:16.0220 1664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
04:57:16.0220 1664 vwifibus - ok
04:57:16.0251 1664 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
04:57:16.0251 1664 vwififlt - ok
04:57:16.0360 1664 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
04:57:16.0360 1664 vwifimp - ok
04:57:16.0407 1664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
04:57:16.0407 1664 WacomPen - ok
04:57:16.0516 1664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:57:16.0516 1664 WANARP - ok
04:57:16.0516 1664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:57:16.0516 1664 Wanarpv6 - ok
04:57:16.0641 1664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
04:57:16.0641 1664 Wd - ok
04:57:16.0688 1664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:57:16.0703 1664 Wdf01000 - ok
04:57:16.0844 1664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:57:16.0844 1664 WfpLwf - ok
04:57:16.0891 1664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:57:16.0891 1664 WIMMount - ok
04:57:17.0047 1664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:57:17.0062 1664 WmiAcpi - ok
04:57:17.0140 1664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:57:17.0140 1664 ws2ifsl - ok
04:57:17.0296 1664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:57:17.0312 1664 WudfPf - ok
04:57:17.0327 1664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:57:17.0343 1664 WUDFRd - ok
04:57:17.0405 1664 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
04:57:17.0437 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:57:17.0437 1664 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:57:17.0437 1664 MBR (0x1B8) (cd49e7fdeaf709ae14282f866bae10e9) \Device\Harddisk1\DR2
04:57:19.0277 1664 \Device\Harddisk1\DR2 - ok
04:57:19.0309 1664 Boot (0x1200) (6655d8b10246c9d993eb1f411bd14f62) \Device\Harddisk0\DR0\Partition0
04:57:19.0324 1664 \Device\Harddisk0\DR0\Partition0 - ok
04:57:19.0324 1664 Boot (0x1200) (d84d5da0aac1a264f18c4211df223ebf) \Device\Harddisk0\DR0\Partition1
04:57:19.0324 1664 \Device\Harddisk0\DR0\Partition1 - ok
04:57:19.0324 1664 ============================================================
04:57:19.0324 1664 Scan finished
04:57:19.0324 1664 ============================================================
04:57:19.0355 1864 Detected object count: 1
04:57:19.0355 1864 Actual detected object count: 1
04:57:59.0057 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:57:59.0057 1864 \Device\Harddisk0\DR0 - ok
04:57:59.0057 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
05:00:31.0220 0680 Deinitialize success


After the computer restarted, I was able to enter normal mode.
This is what I got for the aswMBR. The dat file was saved to "my documents"; is that normal?

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 05:07:35
-----------------------------
05:07:35.345 OS Version: Windows x64 6.1.7601 Service Pack 1
05:07:35.345 Number of processors: 2 586 0x603
05:07:35.347 ComputerName: NANTAH-VAIO UserName: Nantah
05:07:38.334 Initialize success
05:07:44.189 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
05:07:44.196 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
05:07:44.217 Disk 0 MBR read successfully
05:07:44.223 Disk 0 MBR scan
05:07:44.230 Disk 0 Windows 7 default MBR code
05:07:44.237 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9588 MB offset 2048
05:07:44.261 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19640320
05:07:44.283 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295554 MB offset 19845120
05:07:44.292 Service scanning
05:07:48.886 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
05:07:50.135 Modules scanning
05:07:50.145 Disk 0 trace - called modules:
05:07:50.181 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
05:07:50.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003206060]
05:07:50.209 3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> [0xfffffa80021da6a0]
05:07:50.223 5 amdxata.sys[fffff880010c57a8] -> nt!IofCallDriver -> [0xfffffa80021dae40]
05:07:50.237 7 ACPI.sys[fffff88000ee27a1] -> nt!IofCallDriver -> \Device\00000058[0xfffffa800318a060]
05:07:50.250 Scan finished successfully
05:08:23.381 Disk 0 MBR has been saved successfully to "C:\Users\Nantah\Desktop\Documents\MBR.dat"
05:08:23.394 The log file has been saved successfully to "C:\Users\Nantah\Desktop\Documents\aswMBR.txt"
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 05:14:17
-----------------------------
05:14:17.865 OS Version: Windows x64 6.1.7601 Service Pack 1
05:14:17.866 Number of processors: 2 586 0x603
05:14:17.867 ComputerName: NANTAH-VAIO UserName: Nantah
05:14:20.932 Initialize success
05:14:27.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
05:14:27.425 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
05:14:27.468 Disk 0 MBR read successfully
05:14:27.473 Disk 0 MBR scan
05:14:27.480 Disk 0 Windows 7 default MBR code
05:14:27.487 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9588 MB offset 2048
05:14:27.501 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19640320
05:14:27.512 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295554 MB offset 19845120
05:14:27.521 Service scanning
05:14:28.434 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
05:14:29.187 Modules scanning




Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nantah :: NANTAH-VAIO [administrator]

1/27/2012 5:16:34 AM
mbam-log-2012-01-27 (05-16-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189750
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Reboot necessary.

Afterwards I ran Rkill and it found nothing, but before that Rkill gave me 3 cascading "installation failed" errors. I had this problem before the trojan surfaced. Is there a way to fix this?

Edited by gogoikuzo, 27 January 2012 - 06:56 AM.
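
The aswMBR output above reports "Windows 7 default MBR code" and a three-partition layout, and the TDSSKiller log before it hashes the MBR of \Device\Harddisk0\DR0. To show what those tools are looking at, here is an added Python example (not code from this thread, nor from aswMBR, TDSSKiller or Malwarebytes) that parses a raw 512-byte MBR image such as the MBR.dat aswMBR saved: it hashes the boot-code region, decodes the partition table and flags layout anomalies (no single active partition, overlapping or zero-length entries, an entry running past the end of the disk). The sample image is constructed inline to match the partition offsets and sizes in the log; its boot code is filler, so its hash is not the hash shown in the log.

```python
"""Parse a raw 512-byte MBR image and sanity-check its partition table.

Added example, not code from the thread or from aswMBR/TDSSKiller.
Assumes a classic MBR: boot code, a 4-byte disk signature at 0x1B8, a
4-entry partition table at 0x1BE and the 0x55AA signature at 0x1FE.
"""
import hashlib
import struct

SECTOR_BYTES = 512
BOOT_CODE_END = 0x1B8        # disk signature starts here; boot code lies before it
PARTITION_TABLE = 0x1BE
BOOT_SIGNATURE = 0x1FE

# Type IDs seen in the aswMBR log above (standard MBR partition type IDs).
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def _entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition entry; CHS fields are zeroed (LBA only)."""
    return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3,
                       lba_start, sectors)


def build_sample_mbr():
    """Constructed image matching the layout aswMBR reported (sizes in MB * 2048 sectors).

    The boot code is filler, so its hash is NOT the one in the log."""
    boot_code = bytes([0xEB, 0xFE]) + b"\x90" * (BOOT_CODE_END - 2)  # jmp $; NOP padding
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"           # constructed signature
    table = (
        _entry(0x00, 0x27, 2048, 9588 * 2048)          # Partition 1: hidden WinRE, 9588 MB
        + _entry(0x80, 0x07, 19640320, 100 * 2048)     # Partition 2: active, 100 MB
        + _entry(0x00, 0x07, 19845120, 295554 * 2048)  # Partition 3: Windows, 295554 MB
        + b"\x00" * 16                                 # Partition 4: unused
    )
    image = boot_code + disk_sig + table + b"\x55\xAA"
    assert len(image) == SECTOR_BYTES
    return image


def parse_mbr(image):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(image) < SECTOR_BYTES:
        raise ValueError("image shorter than one sector")
    if image[BOOT_SIGNATURE:BOOT_SIGNATURE + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE + 16 * i
        raw = image[off:off + 16]
        if raw == b"\x00" * 16:
            continue  # empty slot
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_BYTES // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(image[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", image, BOOT_CODE_END)[0],
        "partitions": partitions,
    }


def sanity_check(parsed, disk_sectors=None):
    """Return a list of warnings about the partition table; empty means it looks sane."""
    warnings = []
    parts = parsed["partitions"]
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        warnings.append(f"expected exactly one active partition, found {active}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: unusual status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            warnings.append(f"partition {p['index']}: zero start or length")
        if disk_sectors is not None and p["lba_start"] + p["sectors"] > disk_sectors:
            warnings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return warnings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02x} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("warnings:", sanity_check(info, disk_sectors=305245 * 2048))
```

To check a real dump, read MBR.dat with `open(path, "rb").read()` and pass it to `parse_mbr`; comparing `boot_code_md5` between two dumps taken before and after a cleanup shows whether the boot-code region changed, and the warnings list catches a table that no longer matches what the scanners reported.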


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,902 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 27 January 2012 - 01:59 PM

OK, this was a good clean in TDSS
04:57:19.0355 1864 Detected object count: 1
04:57:19.0355 1864 Actual detected object count: 1
04:57:59.0057 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:57:59.0057 1864 \Device\Harddisk0\DR0 - ok
04:57:59.0057 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
05:00:31.0220 0680 Deinitialize success


Try RKill / MBAM in Safe Mode with Networking, running a FULL scan this time.
How to start Windows 7 in Safe Mode

Edited by boopme, 27 January 2012 - 02:01 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 gogoikuzo

gogoikuzo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 27 January 2012 - 05:51 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Nantah :: NANTAH-VAIO [administrator]

1/27/2012 3:29:14 PM
mbam-log-2012-01-27 (15-29-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369427
Time elapsed: 1 hour(s), 14 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,902 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 27 January 2012 - 07:11 PM

The dat file was saved to "my documents" is that normal?

You may not have clicked the Save Log button.

But this looks pretty good now. To be sure we left nothing behind.....

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



How is it running now?

#7 gogoikuzo

gogoikuzo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 28 January 2012 - 09:26 AM

C:\Program Files (x86)\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\7842.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\7891.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\Users\Nantah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\504e4dd6-6c97201b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

C:\Users\Nantah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-50528786 multiple threats deleted - quarantined

C:\Users\Nantah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\7fcb7137-55d77d68 multiple threats deleted - quarantined

C:\Users\Nantah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\238b297e-53448549 multiple threats deleted - quarantined

C:\Users\Nantah\Downloads\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Users\Nantah\Downloads\YouTubeDownloaderSetup27.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Users\Nantah\Downloads\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Windows\Installer\16643e90.msi Win32/Adware.Toolbar.Dealio application deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6076d627-6eeee606 Java/Agent.EA trojan deleted - quarantined

C:\Windows\Temp\jar_cache5617265019056878813.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

...
I feel dirty... :blink:

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,902 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 28 January 2012 - 10:00 AM

I feel dirty...

:hysterical: Well we are much cleaner now.

How is it running now?

I want to look at your system to see if there are exploitable apps .. then we'll mop up.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

#9 gogoikuzo

gogoikuzo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 28 January 2012 - 11:40 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Nantah (administrator) on 28-01-2012 at 10:38:39
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 65111
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nantah-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 7E-DD-08-E8-E6-D0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : administrative.hbu.edu
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-42-49-2C-57-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 78-DD-08-E8-E6-D0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::588c:8dc8:5bb8:2682%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 27, 2012 4:46:53 PM
Lease Expires . . . . . . . . . . : Sunday, January 29, 2012 8:06:59 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 192470280
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CE-4F-96-54-42-49-2C-57-DE
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.administrative.hbu.edu:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {20AFEC21-1FB0-4283-AFD9-72BD6E6D8879}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C25E5161-542A-48CF-ADAB-3115E86B19C9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.18
74.125.227.19
74.125.227.20
74.125.227.16
74.125.227.17


Pinging google.com [74.125.227.113] with 32 bytes of data:
Reply from 74.125.227.113: bytes=32 time=28ms TTL=50
Reply from 74.125.227.113: bytes=32 time=29ms TTL=50

Ping statistics for 74.125.227.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=72ms TTL=55
Reply from 72.30.2.43: bytes=32 time=70ms TTL=55

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 72ms, Average = 71ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...7e dd 08 e8 e6 d0 ......Microsoft Virtual WiFi Miniport Adapter
11...54 42 49 2c 57 de ......Realtek PCIe GBE Family Controller
10...78 dd 08 e8 e6 d0 ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.69 281
192.168.1.69 255.255.255.255 On-link 192.168.1.69 281
192.168.1.255 255.255.255.255 On-link 192.168.1.69 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.69 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.69 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::588c:8dc8:5bb8:2682/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 10 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 10 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 10:29:46 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cd0

Start Time: 01ccddd47d87b4ea

Termination Time: 27

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 451eec40-49cd-11e1-9dbd-5442492c57de

Error: (01/28/2012 09:49:57 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 48d4

Start Time: 01ccddd4649fea2f

Termination Time: 27

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: b36dafff-49c7-11e1-9dbd-5442492c57de

Error: (01/28/2012 09:46:11 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ba0

Start Time: 01ccddb293f368fe

Termination Time: 170

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: c6a74235-49c6-11e1-9dbd-5442492c57de

Error: (01/28/2012 04:07:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2012 04:05:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2012 04:05:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2012 04:05:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2012 04:01:31 AM) (Source: Application Hang) (User: )
Description: The program VAIO Gate.exe version 2.0.0.14050 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19c

Start Time: 01ccdd45763391f3

Termination Time: 2609

Application Path: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

Report Id: 04e22c05-4997-11e1-9dbd-5442492c57de

Error: (01/28/2012 01:24:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18872346

Error: (01/28/2012 01:24:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18872346


System errors:
=============
Error: (01/27/2012 04:50:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (01/27/2012 04:46:22 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/27/2012 03:43:33 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (01/27/2012 03:43:33 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/27/2012 03:27:39 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/27/2012 03:27:39 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/27/2012 03:27:26 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/27/2012 03:27:17 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/27/2012 03:27:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
MpFilter
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (01/27/2012 03:27:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/28/2012 10:29:46 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.771cd001ccddd47d87b4ea27C:\Program Files (x86)\Google\Chrome\Application\chrome.exe451eec40-49cd-11e1-9dbd-5442492c57de

Error: (01/28/2012 09:49:57 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.7748d401ccddd4649fea2f27C:\Program Files (x86)\Google\Chrome\Application\chrome.exeb36dafff-49c7-11e1-9dbd-5442492c57de

Error: (01/28/2012 09:46:11 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.772ba001ccddb293f368fe170C:\Program Files (x86)\Google\Chrome\Application\chrome.exec6a74235-49c6-11e1-9dbd-5442492c57de

Error: (01/28/2012 04:07:36 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nantah\Desktop\Documents\Spring 2012\esetsmartinstaller_enu.exe

Error: (01/28/2012 04:05:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nantah\Desktop\Documents\Spring 2012\esetsmartinstaller_enu.exe

Error: (01/28/2012 04:05:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nantah\Desktop\Documents\Spring 2012\esetsmartinstaller_enu.exe

Error: (01/28/2012 04:05:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nantah\Desktop\Documents\Spring 2012\esetsmartinstaller_enu.exe

Error: (01/28/2012 04:01:31 AM) (Source: Application Hang)(User: )
Description: VAIO Gate.exe2.0.0.1405019c01ccdd45763391f32609C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe04e22c05-4997-11e1-9dbd-5442492c57de

Error: (01/28/2012 01:24:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18872346

Error: (01/28/2012 01:24:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18872346


=========================== Installed Programs ============================

(Version: 3.2.0.13200)
64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2)
AccuWeather.com Cirrus (Version: 0.1.6)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
Alps Pointing-device for VAIO
AMD USB Filter Driver (Version: 1.0.15.94)
AOL Messaging Toolbar
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
Application Manager for VAIO
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
Artweaver 0.5 (Version: 0.5.7)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Bonjour (Version: 2.0.4.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0302.2233.40412)
Catalyst Control Center Graphics Full Existing (Version: 2010.0302.2233.40412)
Catalyst Control Center Graphics Full New (Version: 2010.0302.2233.40412)
Catalyst Control Center Graphics Light (Version: 2010.0302.2233.40412)
Catalyst Control Center Graphics Previews Common (Version: 2010.0302.2233.40412)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0302.2233.40412)
Catalyst Control Center InstallProxy (Version: 2010.0302.2233.40412)
Catalyst Control Center Localization All (Version: 2010.0302.2233.40412)
ccc-core-static (Version: 2010.0302.2233.40412)
ccc-utility64 (Version: 2010.0302.2233.40412)
CCC Help Chinese Standard (Version: 2010.0302.2232.40412)
CCC Help Chinese Traditional (Version: 2010.0302.2232.40412)
CCC Help Czech (Version: 2010.0302.2232.40412)
CCC Help Danish (Version: 2010.0302.2232.40412)
CCC Help Dutch (Version: 2010.0302.2232.40412)
CCC Help English (Version: 2010.0302.2232.40412)
CCC Help Finnish (Version: 2010.0302.2232.40412)
CCC Help French (Version: 2010.0302.2232.40412)
CCC Help German (Version: 2010.0302.2232.40412)
CCC Help Greek (Version: 2010.0302.2232.40412)
CCC Help Hungarian (Version: 2010.0302.2232.40412)
CCC Help Italian (Version: 2010.0302.2232.40412)
CCC Help Japanese (Version: 2010.0302.2232.40412)
CCC Help Korean (Version: 2010.0302.2232.40412)
CCC Help Norwegian (Version: 2010.0302.2232.40412)
CCC Help Polish (Version: 2010.0302.2232.40412)
CCC Help Portuguese (Version: 2010.0302.2232.40412)
CCC Help Russian (Version: 2010.0302.2232.40412)
CCC Help Spanish (Version: 2010.0302.2232.40412)
CCC Help Swedish (Version: 2010.0302.2232.40412)
CCC Help Thai (Version: 2010.0302.2232.40412)
CCC Help Turkish (Version: 2010.0302.2232.40412)
Click to Disc MergeModules x64 (Version: 1.0.14230)
D3DX10 (Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
Evernote (Version: 3.5.2.1525)
Google Chrome (Version: 16.0.912.77)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 18 (64-bit) (Version: 6.0.180)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
KeyHoleTV
Livestation (Version: 3.2.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Media Gallery (Version: 1.2.0.15040)
Media Gallery MergeModules x64 (Version: 1.0.14250)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSI_SPF_x64 (Version: 1.0.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Oasis2Service (Version: 1.0.1)
OOBE (Version: 3.00.0519)
OpenAL
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.1.02.03310)
PMB VAIO Edition Guide (Version: 1.1.00.14080)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.1.00.15080)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.1.00.15040)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.1.00.15080)
PrintKey2000
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6034)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
RealUpgrade 1.1 (Version: 1.1.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (Version: 10.3.5500.0)
Setting Utility Series (Version: 5.2.0.15250)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.187)
SmartWi Connection Utility (Version: 4.10.4.20100121.2442)
Sony Home Network Library (Version: 2.1.0.14240)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
SUPERAntiSpyware (Version: 4.47.1000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO Care (Version: 6.0.0.15080)
VAIO Content Monitoring Settings (Version: 2.5.0.13220)
VAIO Control Center (Version: 4.2.0.15020)
VAIO Data Restore Tool (Version: 1.3.0.13150)
VAIO DVD Menu Data (Version: 2.1.00.13210)
VAIO Entertainment Platform (Version: 3.7.0.16080)
VAIO Event Service (Version: 5.2.0.15020)
VAIO Gate (Version: 2.0.0.14050)
VAIO Gate Default (Version: 2.0.0.04160)
VAIO Hardware Diagnostics (Version: 3.9.1)
VAIO Help and Support (Version: 11.00.0225)
VAIO Help and Support Update (Version: 1.00.0309)
VAIO Manual (Version: 1.0.0.03290)
VAIO Media plus (Version: 2.1.0.15040)
VAIO Media plus Opening Movie (Version: 2.1.0.14080)
VAIO Messenger (Version: 2.0.348.0)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240)
VAIO Movie Story Template Data (Version: 2.1.00.14040)
VAIO Original Function Settings (Version: 2.1.0.13120)
VAIO Power Management (Version: 5.1.0.15250)
VAIO Sample Contents (Version: 1.2.0.16080)
VAIO Survey (Version: 6.00.1028)
VAIO Transfer Support (Version: 1.1.1.13070)
VAIO Update 5 (Version: 5.1.0.13220)
VAIO Wallpaper Contents (Version: 2.1.0.14090)
VLC media player 1.1.11 (Version: 1.1.11)
VMp MergeModule x64 (Version: 1.0.0)
WIDCOMM Bluetooth Software (Version: 6.2.1.500)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
YouTube Downloader 2.6.5
YouTube Downloader Toolbar v1.0 (Version: 1.1.2)
Yugioh Virtual Dueling (Version: 9.0)
YVD (Version: 1.0.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2810.9 MB
Available physical RAM: 1745.14 MB
Total Pagefile: 5782.74 MB
Available Pagefile: 3641.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:288.63 GB) (Free:189.53 GB) NTFS

========================= Users: ========================================

User accounts for \\NANTAH-VAIO

Administrator Guest Nantah

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#10 boopme
  • Global Moderator

Posted 29 January 2012 - 08:41 PM

Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



Now we need to uninstall these and update:
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Java™ 6 Update 18 (64-bit) (Version: 6.0.180)
Java™ 6 Update 26 (Version: 6.0.260)
Adobe Reader 9.2 (Version: 9.2.0)

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly Update to Adobe Reader X (10.1.0)
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
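The reply above walks through three checks by hand: confirming the HOSTS file is back to its default, finding leftover Java installs to remove, and creating a fresh restore point after cleanup. The script below is an added example, not code from the BleepingComputer post or its moderator, that performs the same checks from an elevated PowerShell prompt on Windows 7 or later. It assumes the standard HOSTS path under %SystemRoot%, that a default Windows HOSTS file contains only comment lines, and a constructed list of security/update domain keywords used to flag the hijack pattern the post describes; the restore point description is a placeholder.

```powershell
# Added example (not from the BleepingComputer post): a post-cleanup audit of the
# items the reply tells the user to fix. Run from an elevated PowerShell prompt.

# 1. HOSTS file: list every active (non-comment) mapping. Assumption: a clean
#    Windows 7 HOSTS file contains only comments, so anything printed here is
#    either an entry you added yourself or one a hijacker inserted.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$activeHostEntries = Get-Content -Path $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }

if ($activeHostEntries) {
    Write-Output "Active HOSTS entries (review each one):"
    $activeHostEntries | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output "HOSTS file contains no active entries (matches the Windows default)."
}

# Constructed keyword list: the classic hijack redirects security vendors and
# Windows Update so the victim cannot fetch tools or definitions.
$redirectPattern = 'microsoft\.com|windowsupdate|malwarebytes|symantec|mcafee|kaspersky|avast'
$activeHostEntries | Where-Object { $_ -match $redirectPattern } |
    ForEach-Object { Write-Warning "Security/update domain redirected in HOSTS: $_" }

# 2. Installed Java versions: read both the native and the 32-bit (Wow6432Node)
#    Uninstall keys so an old JRE 6 left beside a 64-bit install is not missed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java' } |
    Select-Object DisplayName, DisplayVersion, UninstallString

if ($javaInstalls) {
    Write-Output "Java components still installed (uninstall the outdated ones):"
    $javaInstalls | Format-Table -AutoSize | Out-String | Write-Output
} else {
    Write-Output "No Java components found in the Uninstall registry keys."
}

# 3. Fresh restore point after cleanup (requires elevation). Older, possibly
#    infected points can then be removed with Disk Cleanup as the post explains.
Checkpoint-Computer -Description 'Post-malware-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
```

The HOSTS and registry steps are read-only, so they are safe to run before and after the Fix it reset to confirm it took effect; only the final Checkpoint-Computer call changes system state.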
