
Trojan in svchost :-(


This topic is locked
21 replies to this topic

#1 kmcelroy

kmcelroy

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 25 March 2012 - 12:20 PM

I have ran malwarebytes several times and each time it says this trojan is there but cannot seem to get rid of it. My computer has been low on physical memory and keeps going to blue screen because of this trojan. Please Help.



#2 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 25 March 2012 - 03:51 PM

This is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by owner at 13:28:14 on 2012-03-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2128 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
-netsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\Downloads\Defogger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uInternet Settings,ProxyOverride = *.local
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{75C47739-151B-48D6-B9F5-13EBE8FAB116} : DhcpNameServer = 192.168.11.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\r7j536r8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe -service --> C:\Windows\system32\lxbkcoms.exe -service [?]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2007-1-14 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2007-1-14 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-2-21 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-1-14 369952]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2007-1-14 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2007-1-14 353568]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2007-1-14 62752]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2007-1-14 108832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-23 22:55:23 -------- d-----w- C:\Users\owner\2012-03-23 Washington fingerprints
2012-03-23 22:54:34 -------- d-----w- C:\Users\owner\2012-03-23 oregon fingerprints
2012-03-23 20:14:55 -------- d-----w- C:\Users\owner\2012-03-23 Jim final assessment6
2012-03-23 20:13:48 -------- d-----w- C:\Users\owner\2012-03-23 Jim final assessment5
2012-03-23 20:12:45 -------- d-----w- C:\Users\owner\2012-03-23 Jim Final Assessment4
2012-03-23 20:11:46 -------- d-----w- C:\Users\owner\2012-03-23 jim final assessment3
2012-03-23 20:10:41 -------- d-----w- C:\Users\owner\2012-03-23 Jim Final assessment2
2012-03-23 20:09:30 -------- d-----w- C:\Users\owner\2012-03-23 Jim final assessment
2012-03-23 19:37:37 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA98027C-ECFE-47F8-ADDC-B4A9BD1E1720}\mpengine.dll
2012-03-21 21:20:20 -------- d-----w- C:\Users\owner\2012-03-21 Washington fingerprints
2012-03-21 21:17:07 -------- d-----w- C:\Users\owner\2012-03-21 Orella
2012-03-21 21:15:20 -------- d-----w- C:\Users\owner\2012-03-21 Tarleton transcript
2012-03-21 21:13:08 -------- d-----w- C:\Users\owner\2012-03-21 Clark Transcript
2012-03-21 21:10:26 -------- d-----w- C:\Users\owner\2012-03-21 WA temporary license
2012-03-21 21:04:26 -------- d-----w- C:\Users\owner\2012-03-21 Masters Degree
2012-03-21 20:55:18 -------- d-----w- C:\Users\owner\2012-03-21 BS-P
2012-03-21 20:54:15 -------- d-----w- C:\Users\owner\2012-03-21 OR teaching certificate back
2012-03-21 20:52:09 -------- d-----w- C:\Users\owner\2012-03-21 OR teaching license
2012-03-21 20:50:06 -------- d-----w- C:\Users\owner\2012-03-21 Paul Letter of recommendation
2012-03-21 20:47:36 -------- d-----w- C:\Users\owner\2012-03-21 cecilia letter of recommendation
2012-03-21 20:46:22 -------- d-----w- C:\Users\owner\2012-03-21 Jim letter of recommenation
2012-03-21 20:45:21 -------- d-----w- C:\Users\owner\2012-03-21 transcript 2
2012-03-21 20:44:22 -------- d-----w- C:\Users\owner\2012-03-21 transcript 1
2012-03-16 14:32:06 20480 ------w- C:\Windows\svchost.exe
2012-03-13 18:15:48 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-03-13 18:15:48 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-03-13 18:15:48 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 13:28:58.88 ===============


The Attach file


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2009 5:18:31 AM
System Uptime: 3/25/2012 9:33:55 AM (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | N/A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 52.617 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.6.8 (05/01/2011)
Facebook Plug-In
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 24
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
OpenMG Secure Module 5.1.00
Primo
QuickTime
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Scrabble Complete
Scrivener
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Setting Utility Series
Sony Picture Utility
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Startup Assistant
VAIO Survey
VAIO Update
VAIO Wallpaper Contents
VAIO Wireless Wizard
Windows Media Player Firefox Plugin
WinDVD for VAIO
World Mosaics 2 (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/25/2012 9:34:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall
3/25/2012 9:34:24 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:49 AM on 3/25/2012 was unexpected.
3/25/2012 9:34:12 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/25/2012 8:16:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Content Metadata Intelligent Analyzing Manager service to connect.
3/25/2012 8:16:38 AM, Error: Service Control Manager [7000] - The VAIO Content Metadata Intelligent Analyzing Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 2:03:32 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:02 PM on 3/22/2012 was unexpected.
3/22/2012 1:59:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/22/2012 1:59:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
3/22/2012 1:59:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
3/22/2012 1:59:09 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 1:59:09 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 1:59:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/22/2012 1:56:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/22/2012 1:56:26 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 1:55:15 PM, Error: EventLog [6008] - The previous system shutdown at 1:53:08 PM on 3/22/2012 was unexpected.
3/21/2012 11:50:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/21/2012 11:50:55 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 11:49:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

I tried to run the gmer file but was not allowed to check some of the boxes the tutorial requested (system, sections, IAT/EAT, devices, modules, processes, threads, libraries); they are all dim and uncheckable, so is the "show all" box, and the only drive able to be checked is the C:\ drive. No others are listed. I did not run the scan, wanting to see if there is something I am missing in the set-up process of this application.
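The DDS log above lists a freshly created C:\Windows\svchost.exe alongside the legitimate C:\Windows\system32\svchost.exe instances, and a name-in-the-wrong-directory check is the quickest triage for that. The script below is an added example, not code from the thread or from DDS: it parses DDS-style "Running Processes" and "Created Last 30" lines and flags known system binary names that sit outside their expected directory. The EXPECTED_DIRS table and the sample lines are constructed for the example (modelled on the posted log) and are assumptions, not a complete inventory.

```python
"""Flag system-binary names found outside their expected directory in DDS-style log lines.
Added example (not from the thread); the expected-directory table is an assumption for a
64-bit Windows Vista/7 box and is deliberately small."""
import re
from pathlib import PureWindowsPath

# Assumed: where these binaries legitimately live. Anything else with the same name
# (e.g. C:\Windows\svchost.exe) is worth a closer look.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsm.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# DDS "Created Last 30" line: timestamp, size (or dashes for a directory), attribute flags, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
# DDS "Running Processes" line: a bare path, optionally followed by arguments such as "-k netsvcs".
PROC_RE = re.compile(r"^([A-Za-z]:\\.+?\.exe)(?:\s|$)", re.IGNORECASE)

# Constructed sample, modelled on the format of the log in the post above.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
.
=============== Created Last 30 ================
.
2012-03-23 22:55:23 -------- d-----w- C:\Users\owner\2012-03-23 Washington fingerprints
2012-03-16 14:32:06 20480 ------w- C:\Windows\svchost.exe
2012-03-13 18:15:48 708096 ----a-w- C:\Windows\System32\rdpencom.dll
"""


def parse_created_line(line):
    """Return (timestamp, size_or_None, attrs, path) for a DDS created-file line, else None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    ts, size, attrs, path = m.groups()
    return ts, (None if size.startswith("-") else int(size)), attrs, path


def is_misplaced(path):
    """True if the file name is a known system binary but its directory is not an expected one."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in EXPECTED_DIRS:
        return False
    return str(p.parent).lower() not in EXPECTED_DIRS[name]


def flag_misplaced_binaries(lines):
    """Scan process-list and created-file lines; return a list of (path, reason) findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        created = parse_created_line(line)
        if created:
            _ts, _size, attrs, path = created
            if attrs.startswith("d"):  # DDS flags directories with a leading 'd'; skip them
                continue
        else:
            m = PROC_RE.match(line)
            if not m:
                continue  # section headers and non-path lines
            path = m.group(1)
        if is_misplaced(path):
            findings.append((path, "known system binary name outside its expected directory"))
    return findings


if __name__ == "__main__":
    for path, reason in flag_misplaced_binaries(SAMPLE_LOG.splitlines()):
        print(f"{path}: {reason}")
```

Feed it the "Running Processes" and "Created Last 30" sections of a real DDS log and it will surface the same kind of out-of-place svchost.exe the thread is about, without touching the rest of the report.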

#3 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 25 March 2012 - 05:30 PM

Realized I cannot run gmer because I have the 64-bit version. Duh. lol

Edited by kmcelroy, 25 March 2012 - 05:32 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:30 AM

Posted 26 March 2012 - 08:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kmcelroy
  • Topic Starter
  • Members
  • 12 posts

Posted 26 March 2012 - 02:33 PM

Alright sir here is the Combofix log. The program seemed to run just fine.

ComboFix 12-03-26.02 - owner 03/26/2012 12:12:19.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2367 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Roaming
c:\users\owner\AppData\Roaming\inst.exe
c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\r7j536r8.default\searchplugins\bing-zugo.xml
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-23 22:55 . 2012-03-23 22:55 -------- d-----w- c:\users\owner\2012-03-23 Washington fingerprints
2012-03-23 22:54 . 2012-03-23 22:54 -------- d-----w- c:\users\owner\2012-03-23 oregon fingerprints
2012-03-23 20:14 . 2012-03-23 20:14 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment6
2012-03-23 20:13 . 2012-03-23 20:13 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment5
2012-03-23 20:12 . 2012-03-23 20:12 -------- d-----w- c:\users\owner\2012-03-23 Jim Final Assessment4
2012-03-23 20:11 . 2012-03-23 20:11 -------- d-----w- c:\users\owner\2012-03-23 jim final assessment3
2012-03-23 20:10 . 2012-03-23 20:10 -------- d-----w- c:\users\owner\2012-03-23 Jim Final assessment2
2012-03-23 20:09 . 2012-03-23 20:09 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment
2012-03-23 19:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA98027C-ECFE-47F8-ADDC-B4A9BD1E1720}\mpengine.dll
2012-03-21 21:20 . 2012-03-21 21:20 -------- d-----w- c:\users\owner\2012-03-21 Washington fingerprints
2012-03-21 21:17 . 2012-03-21 21:17 -------- d-----w- c:\users\owner\2012-03-21 Orella
2012-03-21 21:15 . 2012-03-21 21:15 -------- d-----w- c:\users\owner\2012-03-21 Tarleton transcript
2012-03-21 21:13 . 2012-03-21 21:13 -------- d-----w- c:\users\owner\2012-03-21 Clark Transcript
2012-03-21 21:10 . 2012-03-21 21:10 -------- d-----w- c:\users\owner\2012-03-21 WA temporary license
2012-03-21 21:04 . 2012-03-21 21:04 -------- d-----w- c:\users\owner\2012-03-21 Masters Degree
2012-03-21 20:55 . 2012-03-21 20:55 -------- d-----w- c:\users\owner\2012-03-21 BS-P
2012-03-21 20:54 . 2012-03-21 20:54 -------- d-----w- c:\users\owner\2012-03-21 OR teaching certificate back
2012-03-21 20:52 . 2012-03-21 20:52 -------- d-----w- c:\users\owner\2012-03-21 OR teaching license
2012-03-21 20:50 . 2012-03-21 20:50 -------- d-----w- c:\users\owner\2012-03-21 Paul Letter of recommendation
2012-03-21 20:47 . 2012-03-21 20:47 -------- d-----w- c:\users\owner\2012-03-21 cecilia letter of recommendation
2012-03-21 20:46 . 2012-03-21 20:46 -------- d-----w- c:\users\owner\2012-03-21 Jim letter of recommenation
2012-03-21 20:45 . 2012-03-21 20:45 -------- d-----w- c:\users\owner\2012-03-21 transcript 2
2012-03-21 20:44 . 2012-03-21 20:44 -------- d-----w- c:\users\owner\2012-03-21 transcript 1
2012-03-16 14:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2012-03-13 18:15 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 18:15 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 18:15 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2009-11-28 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 14:25 . 2012-02-16 17:22 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-3 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-12-09 17:27 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 04:32 317280 ----a-w- c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2008-06-26 21:42 16384 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 19:21 385024 ----a-w- c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-05-20 21:48 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087568233-3526310257-1928379181-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 22:28]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087568233-3526310257-1928379181-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 22:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.11.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\r7j536r8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Intuit SyncManager - c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0\bin\jusched.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-26 12:23:10
ComboFix-quarantined-files.txt 2012-03-26 19:23
.
Pre-Run: 64,223,756,288 bytes free
Post-Run: 64,436,297,728 bytes free
.
- - End Of File - - 924A2358567DF3F0291654A1B46D5182
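The log above shows ComboFix removing c:\windows\svchost.exe, a copy of a core Windows binary sitting outside its System32/SysWOW64 home, which is the tell-tale mismatch visible in both the DDS process list and the ComboFix "Files Created" section. The script below is an added example, not part of the thread or of either tool; it runs that path check over a few constructed log lines modelled on the ones posted here, and the CORE_BINARIES set and path regex are assumptions of the example.

```python
"""Flag core Windows process names that live outside their expected directory,
as they appear in DDS / ComboFix style logs.

Added example, not part of the original thread or of either tool.  The
sample log lines are constructed to mirror the paths shown in this thread;
CORE_BINARIES and the path regex are assumptions of this example.
"""
import re
from pathlib import PureWindowsPath

# Core Windows binaries that malware commonly impersonates.  A legitimate
# copy of these only lives in the system directories listed below.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "wininit.exe", "lsm.exe", "explorer.exe"}
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# explorer.exe is the one core binary whose real home is C:\Windows itself.
ALLOWED_DIRS_BY_NAME = {"explorer.exe": {r"c:\windows"}}

# A drive-letter path ending in .exe, anywhere in a log line.  Handles both
# the DDS process list ("C:\Windows\system32\svchost.exe -k DcomLaunch") and
# ComboFix file/registry lines that wrap the path in quotes or follow it
# with a [date size] field.
PATH_RE = re.compile(r'([a-zA-Z]:\\[^"\[\]]*?\.exe)\b', re.IGNORECASE)


def extract_exe_paths(line: str) -> list[str]:
    """Return every *.exe path found in one log line, as written."""
    return PATH_RE.findall(line)


def is_suspicious(path: str) -> bool:
    """True when the file name is a core binary but its directory is not a
    legitimate home for that binary (e.g. c:\\windows\\svchost.exe)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in CORE_BINARIES:
        return False
    parent = str(p.parent).lower()
    allowed = ALLOWED_DIRS | ALLOWED_DIRS_BY_NAME.get(name, set())
    return parent not in allowed


def scan_log(lines) -> list[str]:
    """Return the suspicious paths found in the log lines, lower-cased,
    deduplicated and in first-seen order."""
    found: list[str] = []
    for line in lines:
        for path in extract_exe_paths(line):
            norm = path.lower()
            if is_suspicious(norm) and norm not in found:
                found.append(norm)
    return found


# Constructed sample: a DDS "Running Processes" excerpt plus ComboFix
# "Files Created" and "Reg Loading Points" lines modelled on this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\svchost.exe
2012-03-16 14:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
c:\users\owner\AppData\Roaming\inst.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
""".strip().splitlines()


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("core binary outside its system directory:", hit)
```

The same check applies to the real logs in this thread: the legitimate svchost.exe entries all sit under C:\Windows\system32, and only the one under c:\windows is flagged.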

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 March 2012 - 02:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 kmcelroy
  • Topic Starter
  • Members
  • 12 posts

Posted 26 March 2012 - 03:49 PM

Ran tdsskiller and it had no problems running, here is its report:


13:12:05.0318 1768 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:12:05.0724 1768 ============================================================
13:12:05.0724 1768 Current date / time: 2012/03/26 13:12:05.0724
13:12:05.0724 1768 SystemInfo:
13:12:05.0724 1768
13:12:05.0724 1768 OS Version: 6.0.6002 ServicePack: 2.0
13:12:05.0724 1768 Product type: Workstation
13:12:05.0724 1768 ComputerName: OWNER-PC
13:12:05.0724 1768 UserName: owner
13:12:05.0724 1768 Windows directory: C:\Windows
13:12:05.0724 1768 System windows directory: C:\Windows
13:12:05.0724 1768 Running under WOW64
13:12:05.0724 1768 Processor architecture: Intel x64
13:12:05.0724 1768 Number of processors: 2
13:12:05.0724 1768 Page size: 0x1000
13:12:05.0724 1768 Boot type: Normal boot
13:12:05.0724 1768 ============================================================
13:12:06.0207 1768 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:12:06.0223 1768 \Device\Harddisk0\DR0:
13:12:06.0223 1768 MBR used
13:12:06.0223 1768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1496000, BlocksNum 0x1BD2F170
13:12:06.0254 1768 Initialize success
13:12:06.0254 1768 ============================================================
13:12:38.0291 1248 ============================================================
13:12:38.0291 1248 Scan started
13:12:38.0291 1248 Mode: Manual;
13:12:38.0291 1248 ============================================================
13:12:50.0428 1248 hkmsvc - ok
13:12:50.0522 1248 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:12:50.0522 1248 HpCISSs - ok
13:12:50.0584 1248 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:12:50.0584 1248 HSFHWAZL - ok
13:12:50.0662 1248 HSF_DPV (b3f49b6902ce81d9f20eaaee20ebf7af) C:\Windows\system32\DRIVERS\CAX_DPV.sys
13:12:50.0678 1248 HSF_DPV - ok
13:12:50.0787 1248 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:12:50.0787 1248 HTTP - ok
13:12:50.0896 1248 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:12:50.0896 1248 i2omp - ok
13:12:50.0943 1248 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:12:50.0943 1248 i8042prt - ok
13:12:51.0005 1248 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
13:12:51.0005 1248 iaStor - ok
13:12:51.0083 1248 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:12:51.0083 1248 iaStorV - ok
13:12:51.0208 1248 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:12:51.0224 1248 idsvc - ok
13:12:51.0520 1248 igfx (51d1fc6b0d4c3855a75d167da9d87bba) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:12:51.0567 1248 igfx - ok
13:12:51.0645 1248 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:12:51.0645 1248 iirsp - ok
13:12:51.0707 1248 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
13:12:51.0707 1248 IKEEXT - ok
13:12:51.0817 1248 IntcAzAudAddService (46cb3abe8150e7b181e86d4906de17e8) C:\Windows\system32\drivers\RTKVHD64.sys
13:12:51.0832 1248 IntcAzAudAddService - ok
13:12:51.0926 1248 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:12:51.0926 1248 intelide - ok
13:12:51.0973 1248 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:12:51.0973 1248 intelppm - ok
13:12:52.0019 1248 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
13:12:52.0019 1248 IPBusEnum - ok
13:12:52.0097 1248 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:12:52.0097 1248 IpFilterDriver - ok
13:12:52.0144 1248 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
13:12:52.0144 1248 iphlpsvc - ok
13:12:52.0191 1248 IpInIp - ok
13:12:52.0238 1248 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:12:52.0238 1248 IPMIDRV - ok
13:12:52.0253 1248 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:12:52.0253 1248 IPNAT - ok
13:12:52.0347 1248 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
13:12:52.0363 1248 iPod Service - ok
13:12:52.0441 1248 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:12:52.0441 1248 IRENUM - ok
13:12:52.0487 1248 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:12:52.0487 1248 isapnp - ok
13:12:52.0597 1248 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:12:52.0597 1248 iScsiPrt - ok
13:12:52.0628 1248 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:12:52.0628 1248 iteatapi - ok
13:12:52.0659 1248 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:12:52.0659 1248 iteraid - ok
13:12:52.0706 1248 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
13:12:52.0706 1248 IviRegMgr - ok
13:12:52.0784 1248 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:12:52.0784 1248 kbdclass - ok
13:12:52.0846 1248 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:12:52.0846 1248 kbdhid - ok
13:12:52.0877 1248 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:12:52.0877 1248 KeyIso - ok
13:12:52.0971 1248 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
13:12:52.0987 1248 KSecDD - ok
13:12:53.0033 1248 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:12:53.0033 1248 ksthunk - ok
13:12:53.0111 1248 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
13:12:53.0111 1248 KtmRm - ok
13:12:53.0174 1248 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
13:12:53.0174 1248 LanmanServer - ok
13:12:53.0267 1248 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
13:12:53.0267 1248 LanmanWorkstation - ok
13:12:53.0345 1248 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:12:53.0345 1248 lltdio - ok
13:12:53.0392 1248 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
13:12:53.0392 1248 lltdsvc - ok
13:12:53.0486 1248 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
13:12:53.0486 1248 lmhosts - ok
13:12:53.0564 1248 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:12:53.0564 1248 LSI_FC - ok
13:12:53.0642 1248 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:12:53.0642 1248 LSI_SAS - ok
13:12:53.0689 1248 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:12:53.0689 1248 LSI_SCSI - ok
13:12:53.0767 1248 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:12:53.0767 1248 luafv - ok
13:12:53.0813 1248 lxbk_device - ok
13:12:53.0860 1248 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
13:12:53.0860 1248 Mcx2Svc - ok
13:12:53.0969 1248 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:12:53.0969 1248 mdmxsdk - ok
13:12:54.0001 1248 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:12:54.0001 1248 megasas - ok
13:12:54.0047 1248 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:12:54.0047 1248 MegaSR - ok
13:12:54.0157 1248 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:12:54.0157 1248 Microsoft Office Groove Audit Service - ok
13:12:54.0235 1248 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:12:54.0235 1248 MMCSS - ok
13:12:54.0313 1248 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:12:54.0313 1248 Modem - ok
13:12:54.0328 1248 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:12:54.0328 1248 monitor - ok
13:12:54.0344 1248 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:12:54.0359 1248 mouclass - ok
13:12:54.0422 1248 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:12:54.0422 1248 mouhid - ok
13:12:54.0469 1248 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:12:54.0469 1248 MountMgr - ok
13:12:54.0500 1248 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:12:54.0500 1248 mpio - ok
13:12:54.0531 1248 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:12:54.0531 1248 mpsdrv - ok
13:12:54.0625 1248 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
13:12:54.0625 1248 MpsSvc - ok
13:12:54.0812 1248 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:12:54.0812 1248 Mraid35x - ok
13:12:55.0046 1248 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:12:55.0046 1248 MRxDAV - ok
13:12:55.0217 1248 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:12:55.0217 1248 mrxsmb - ok
13:12:55.0405 1248 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:12:55.0405 1248 mrxsmb10 - ok
13:12:55.0529 1248 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:12:55.0529 1248 mrxsmb20 - ok
13:12:55.0639 1248 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:12:55.0639 1248 msahci - ok
13:12:55.0748 1248 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
13:12:55.0748 1248 MSCSPTISRV - ok
13:12:55.0904 1248 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:12:55.0904 1248 msdsm - ok
13:12:56.0029 1248 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
13:12:56.0029 1248 MSDTC - ok
13:12:56.0138 1248 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:12:56.0138 1248 Msfs - ok
13:12:56.0216 1248 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:12:56.0216 1248 msisadrv - ok
13:12:56.0278 1248 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
13:12:56.0278 1248 MSiSCSI - ok
13:12:56.0387 1248 msiserver - ok
13:12:56.0497 1248 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:12:56.0497 1248 MSKSSRV - ok
13:12:56.0606 1248 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:56.0606 1248 MSPCLOCK - ok
13:12:56.0731 1248 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:12:56.0731 1248 MSPQM - ok
13:12:56.0918 1248 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:12:56.0918 1248 MsRPC - ok
13:12:57.0058 1248 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:12:57.0058 1248 mssmbios - ok
13:12:57.0105 1248 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:12:57.0105 1248 MSTEE - ok
13:12:57.0261 1248 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:12:57.0277 1248 Mup - ok
13:12:57.0526 1248 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
13:12:57.0526 1248 napagent - ok
13:12:57.0729 1248 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:12:57.0729 1248 NativeWifiP - ok
13:12:57.0963 1248 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:12:57.0979 1248 NDIS - ok
13:12:58.0119 1248 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:58.0119 1248 NdisTapi - ok
13:12:58.0244 1248 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:58.0244 1248 Ndisuio - ok
13:12:58.0322 1248 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:58.0322 1248 NdisWan - ok
13:12:58.0431 1248 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:12:58.0431 1248 NDProxy - ok
13:12:58.0462 1248 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:12:58.0462 1248 NetBIOS - ok
13:12:58.0618 1248 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:12:58.0634 1248 netbt - ok
13:12:58.0790 1248 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:12:58.0790 1248 Netlogon - ok
13:12:59.0039 1248 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
13:12:59.0039 1248 Netman - ok
13:12:59.0133 1248 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
13:12:59.0133 1248 netprofm - ok
13:12:59.0305 1248 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:12:59.0305 1248 NetTcpPortSharing - ok
13:12:59.0726 1248 NETw5v64 (b0b1ba4b9ae82b8b10d972f0cadaa833) C:\Windows\system32\DRIVERS\NETw5v64.sys
13:12:59.0773 1248 NETw5v64 - ok
13:12:59.0866 1248 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:12:59.0866 1248 nfrd960 - ok
13:12:59.0929 1248 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
13:12:59.0929 1248 NlaSvc - ok
13:13:00.0007 1248 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:13:00.0007 1248 Npfs - ok
13:13:00.0038 1248 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
13:13:00.0038 1248 nsi - ok
13:13:00.0116 1248 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:13:00.0116 1248 nsiproxy - ok
13:13:00.0241 1248 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:13:00.0241 1248 Ntfs - ok
13:13:00.0319 1248 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:13:00.0319 1248 Null - ok
13:13:00.0365 1248 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:13:00.0365 1248 nvraid - ok
13:13:00.0381 1248 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:13:00.0381 1248 nvstor - ok
13:13:00.0412 1248 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:13:00.0412 1248 nv_agp - ok
13:13:00.0459 1248 NwlnkFlt - ok
13:13:00.0475 1248 NwlnkFwd - ok
13:13:00.0584 1248 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:13:00.0584 1248 odserv - ok
13:13:00.0677 1248 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:13:00.0677 1248 ohci1394 - ok
13:13:00.0755 1248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:00.0755 1248 ose - ok
13:13:00.0865 1248 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:13:00.0865 1248 p2pimsvc - ok
13:13:00.0896 1248 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:13:00.0896 1248 p2psvc - ok
13:13:00.0974 1248 PACSPTISVR (41c33fb4fd929fed732a00d2daef5be0) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
13:13:00.0974 1248 PACSPTISVR - ok
13:13:01.0067 1248 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:13:01.0067 1248 Parport - ok
13:13:01.0145 1248 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:13:01.0161 1248 partmgr - ok
13:13:01.0223 1248 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
13:13:01.0223 1248 PcaSvc - ok
13:13:01.0301 1248 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:13:01.0301 1248 pci - ok
13:13:01.0379 1248 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:13:01.0379 1248 pciide - ok
13:13:01.0426 1248 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:13:01.0426 1248 pcmcia - ok
13:13:01.0489 1248 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
13:13:01.0489 1248 pcouffin - ok
13:13:01.0582 1248 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:13:01.0582 1248 PEAUTH - ok
13:13:01.0660 1248 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
13:13:01.0660 1248 PerfHost - ok
13:13:01.0754 1248 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
13:13:01.0769 1248 pla - ok
13:13:01.0863 1248 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
13:13:01.0863 1248 PlugPlay - ok
13:13:01.0941 1248 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:13:01.0957 1248 PNRPAutoReg - ok
13:13:01.0972 1248 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:13:01.0972 1248 PNRPsvc - ok
13:13:02.0050 1248 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
13:13:02.0050 1248 PolicyAgent - ok
13:13:02.0128 1248 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:13:02.0144 1248 PptpMiniport - ok
13:13:02.0222 1248 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:13:02.0222 1248 Processor - ok
13:13:02.0269 1248 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
13:13:02.0269 1248 ProfSvc - ok
13:13:02.0347 1248 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:13:02.0347 1248 ProtectedStorage - ok
13:13:02.0425 1248 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:13:02.0425 1248 PSched - ok
13:13:02.0487 1248 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
13:13:02.0487 1248 PxHlpa64 - ok
13:13:02.0549 1248 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:13:02.0565 1248 ql2300 - ok
13:13:02.0643 1248 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:13:02.0643 1248 ql40xx - ok
13:13:02.0690 1248 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
13:13:02.0690 1248 QWAVE - ok
13:13:02.0783 1248 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:13:02.0783 1248 QWAVEdrv - ok
13:13:02.0815 1248 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:13:02.0815 1248 RasAcd - ok
13:13:02.0861 1248 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
13:13:02.0861 1248 RasAuto - ok
13:13:02.0939 1248 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:02.0939 1248 Rasl2tp - ok
13:13:02.0986 1248 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
13:13:02.0986 1248 RasMan - ok
13:13:03.0049 1248 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:03.0049 1248 RasPppoe - ok
13:13:03.0127 1248 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:13:03.0127 1248 RasSstp - ok
13:13:03.0205 1248 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:13:03.0220 1248 rdbss - ok
13:13:03.0267 1248 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:03.0267 1248 RDPCDD - ok
13:13:03.0314 1248 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:13:03.0314 1248 rdpdr - ok
13:13:03.0329 1248 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:13:03.0329 1248 RDPENCDD - ok
13:13:03.0376 1248 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
13:13:03.0392 1248 RDPWD - ok
13:13:03.0470 1248 RegSrvc (d5809d9d48b7e7f57fe79cf22e18e94e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:13:03.0470 1248 RegSrvc - ok
13:13:03.0548 1248 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
13:13:03.0548 1248 RemoteAccess - ok
13:13:03.0610 1248 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
13:13:03.0610 1248 RemoteRegistry - ok
13:13:03.0704 1248 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
13:13:03.0704 1248 RFCOMM - ok
13:13:03.0766 1248 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
13:13:03.0766 1248 rimsptsk - ok
13:13:03.0844 1248 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
13:13:03.0844 1248 risdptsk - ok
13:13:03.0891 1248 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
13:13:03.0891 1248 RpcLocator - ok
13:13:03.0969 1248 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:13:03.0985 1248 RpcSs - ok
13:13:04.0047 1248 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:13:04.0047 1248 rspndr - ok
13:13:04.0109 1248 SampleCollector (9a5fb8de6567bc86fccde2f0336857a3) C:\Program Files\Sony\VAIO Care\collsvc.exe
13:13:04.0109 1248 SampleCollector - ok
13:13:04.0203 1248 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:13:04.0203 1248 SamSs - ok
13:13:04.0281 1248 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:13:04.0281 1248 sbp2port - ok
13:13:04.0328 1248 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
13:13:04.0328 1248 SCardSvr - ok
13:13:04.0437 1248 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
13:13:04.0437 1248 Schedule - ok
13:13:04.0531 1248 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:13:04.0531 1248 SCPolicySvc - ok
13:13:04.0609 1248 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
13:13:04.0609 1248 sdbus - ok
13:13:04.0671 1248 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
13:13:04.0671 1248 SDRSVC - ok
13:13:04.0733 1248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:13:04.0733 1248 secdrv - ok
13:13:04.0749 1248 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
13:13:04.0749 1248 seclogon - ok
13:13:04.0811 1248 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
13:13:04.0811 1248 SENS - ok
13:13:04.0858 1248 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:13:04.0858 1248 Serenum - ok
13:13:04.0889 1248 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:13:04.0889 1248 Serial - ok
13:13:04.0921 1248 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:13:04.0921 1248 sermouse - ok
13:13:04.0983 1248 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
13:13:04.0983 1248 SessionEnv - ok
13:13:05.0045 1248 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
13:13:05.0045 1248 SFEP - ok
13:13:05.0077 1248 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:13:05.0077 1248 sffdisk - ok
13:13:05.0123 1248 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:13:05.0123 1248 sffp_mmc - ok
13:13:05.0170 1248 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:13:05.0170 1248 sffp_sd - ok
13:13:05.0201 1248 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
13:13:05.0201 1248 sfloppy - ok
13:13:05.0264 1248 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
13:13:05.0264 1248 SharedAccess - ok
13:13:05.0357 1248 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
13:13:05.0357 1248 ShellHWDetection - ok
13:13:05.0404 1248 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:13:05.0404 1248 SiSRaid2 - ok
13:13:05.0435 1248 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:13:05.0435 1248 SiSRaid4 - ok
13:13:05.0529 1248 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
13:13:05.0560 1248 slsvc - ok
13:13:05.0638 1248 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
13:13:05.0638 1248 SLUINotify - ok
13:13:05.0716 1248 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:13:05.0716 1248 Smb - ok
13:13:05.0763 1248 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
13:13:05.0763 1248 SNMPTRAP - ok
13:13:05.0935 1248 SOHCImp (1a9dd46c547646a54cdb4065c1996a07) C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
13:13:05.0950 1248 SOHCImp - ok
13:13:06.0028 1248 SOHDms (2e1b0d8278bb616148ddca13dae87544) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
13:13:06.0028 1248 SOHDms - ok
13:13:06.0059 1248 SOHDs (892529ee03211c35aea7132e119f4862) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
13:13:06.0059 1248 SOHDs - ok
13:13:06.0184 1248 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:13:06.0184 1248 spldr - ok
13:13:06.0293 1248 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
13:13:06.0293 1248 Spooler - ok
13:13:06.0356 1248 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
13:13:06.0356 1248 SPTISRV - ok
13:13:06.0465 1248 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:13:06.0465 1248 srv - ok
13:13:06.0543 1248 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:13:06.0543 1248 srv2 - ok
13:13:06.0574 1248 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:13:06.0574 1248 srvnet - ok
13:13:06.0637 1248 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
13:13:06.0637 1248 SSDPSRV - ok
13:13:06.0715 1248 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
13:13:06.0715 1248 SstpSvc - ok
13:13:06.0808 1248 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
13:13:06.0824 1248 stisvc - ok
13:13:06.0886 1248 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:13:06.0886 1248 swenum - ok
13:13:06.0949 1248 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
13:13:06.0949 1248 swprv - ok
13:13:07.0011 1248 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:13:07.0011 1248 Symc8xx - ok
13:13:07.0058 1248 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:13:07.0058 1248 Sym_hi - ok
13:13:07.0089 1248 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:13:07.0089 1248 Sym_u3 - ok
13:13:07.0151 1248 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
13:13:07.0167 1248 SysMain - ok
13:13:07.0245 1248 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:13:07.0245 1248 TabletInputService - ok
13:13:07.0323 1248 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
13:13:07.0323 1248 TapiSrv - ok
13:13:07.0401 1248 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:13:07.0401 1248 TBS - ok
13:13:07.0557 1248 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
13:13:07.0557 1248 Tcpip - ok
13:13:07.0744 1248 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
13:13:07.0760 1248 Tcpip6 - ok
13:13:07.0853 1248 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:13:07.0853 1248 tcpipreg - ok
13:13:07.0900 1248 TcUsb (03f3b34e066b6983dc6cade1d41f0e2c) C:\Windows\system32\Drivers\tcusb.sys
13:13:07.0900 1248 TcUsb - ok
13:13:07.0947 1248 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:13:07.0947 1248 TDPIPE - ok
13:13:08.0009 1248 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:13:08.0009 1248 TDTCP - ok
13:13:08.0072 1248 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:13:08.0072 1248 tdx - ok
13:13:08.0119 1248 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:13:08.0119 1248 TermDD - ok
13:13:08.0212 1248 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
13:13:08.0212 1248 TermService - ok
13:13:08.0275 1248 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
13:13:08.0275 1248 Themes - ok
13:13:08.0353 1248 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:13:08.0353 1248 THREADORDER - ok
13:13:08.0399 1248 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:13:08.0415 1248 TrkWks - ok
13:13:08.0509 1248 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
13:13:08.0509 1248 TrustedInstaller - ok
13:13:08.0571 1248 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:13:08.0571 1248 tssecsrv - ok
13:13:08.0633 1248 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:13:08.0633 1248 tunmp - ok
13:13:08.0680 1248 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:13:08.0680 1248 tunnel - ok
13:13:08.0727 1248 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:13:08.0743 1248 uagp35 - ok
13:13:08.0805 1248 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
13:13:08.0805 1248 uCamMonitor - ok
13:13:08.0914 1248 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:13:08.0914 1248 udfs - ok
13:13:08.0961 1248 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:13:08.0961 1248 UI0Detect - ok
13:13:09.0023 1248 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:13:09.0023 1248 uliagpkx - ok
13:13:09.0070 1248 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:13:09.0086 1248 uliahci - ok
13:13:09.0117 1248 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:13:09.0117 1248 UlSata - ok
13:13:09.0226 1248 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:13:09.0226 1248 ulsata2 - ok
13:13:09.0273 1248 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:13:09.0273 1248 umbus - ok
13:13:09.0304 1248 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:13:09.0320 1248 upnphost - ok
13:13:09.0413 1248 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
13:13:09.0413 1248 USBAAPL64 - ok
13:13:09.0507 1248 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:13:09.0507 1248 usbccgp - ok
13:13:09.0554 1248 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:13:09.0554 1248 usbcir - ok
13:13:09.0616 1248 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:13:09.0616 1248 usbehci - ok
13:13:09.0663 1248 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:13:09.0663 1248 usbhub - ok
13:13:09.0710 1248 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:13:09.0710 1248 usbohci - ok
13:13:09.0788 1248 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:13:09.0788 1248 usbprint - ok
13:13:09.0866 1248 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:13:09.0866 1248 usbscan - ok
13:13:09.0928 1248 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:13:09.0928 1248 USBSTOR - ok
13:13:09.0975 1248 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:13:09.0975 1248 usbuhci - ok
13:13:10.0022 1248 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
13:13:10.0022 1248 usbvideo - ok
13:13:10.0100 1248 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
13:13:10.0100 1248 UxSms - ok
13:13:10.0193 1248 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
13:13:10.0193 1248 VAIO Entertainment TV Device Arbitration Service - ok
13:13:10.0271 1248 VAIO Power Management (3121fcc01d067ba19010e7107cb1bd44) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
13:13:10.0271 1248 VAIO Power Management - ok
13:13:10.0303 1248 VCFw (89e0efdda4287e0c9c4a61cd7e2a2232) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
13:13:10.0303 1248 VCFw - ok
13:13:10.0381 1248 VcmIAlzMgr (2686b87edc54ed215ce479ac9b7675de) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
13:13:10.0381 1248 VcmIAlzMgr - ok
13:13:10.0443 1248 VcmXmlIfHelper (24235ba03209b2bf183fcf073c3cec41) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
13:13:10.0443 1248 VcmXmlIfHelper - ok
13:13:10.0490 1248 Vcsw - ok
13:13:10.0583 1248 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
13:13:10.0599 1248 vds - ok
13:13:10.0677 1248 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:13:10.0677 1248 vga - ok
13:13:10.0786 1248 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:13:10.0786 1248 VgaSave - ok
13:13:10.0833 1248 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:13:10.0833 1248 viaide - ok
13:13:10.0880 1248 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:13:10.0880 1248 volmgr - ok
13:13:10.0958 1248 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:13:10.0973 1248 volmgrx - ok
13:13:11.0020 1248 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:13:11.0020 1248 volsnap - ok
13:13:11.0067 1248 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:13:11.0067 1248 vsmraid - ok
13:13:11.0161 1248 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
13:13:11.0176 1248 VSS - ok
13:13:11.0317 1248 VUAgent (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
13:13:11.0332 1248 VUAgent - ok
13:13:11.0410 1248 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
13:13:11.0410 1248 VzCdbSvc - ok
13:13:11.0519 1248 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
13:13:11.0519 1248 W32Time - ok
13:13:11.0597 1248 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:13:11.0597 1248 WacomPen - ok
13:13:11.0707 1248 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:11.0707 1248 Wanarp - ok
13:13:11.0707 1248 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:11.0707 1248 Wanarpv6 - ok
13:13:11.0785 1248 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
13:13:11.0785 1248 wcncsvc - ok
13:13:11.0847 1248 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:13:11.0847 1248 WcsPlugInService - ok
13:13:11.0909 1248 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:13:11.0909 1248 Wd - ok
13:13:11.0956 1248 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:13:11.0956 1248 Wdf01000 - ok
13:13:12.0034 1248 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:13:12.0034 1248 WdiServiceHost - ok
13:13:12.0050 1248 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:13:12.0050 1248 WdiSystemHost - ok
13:13:12.0112 1248 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
13:13:12.0112 1248 WebClient - ok
13:13:12.0190 1248 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:13:12.0190 1248 Wecsvc - ok
13:13:12.0253 1248 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:13:12.0253 1248 wercplsupport - ok
13:13:12.0315 1248 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
13:13:12.0331 1248 WerSvc - ok
13:13:12.0440 1248 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:13:12.0440 1248 WimFltr - ok
13:13:12.0533 1248 winachsf (0208b357535431071193a7b534f5cfef) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:13:12.0549 1248 winachsf - ok
13:13:12.0565 1248 WinDefend - ok
13:13:12.0580 1248 WinHttpAutoProxySvc - ok
13:13:12.0689 1248 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
13:13:12.0705 1248 Winmgmt - ok
13:13:12.0830 1248 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:13:12.0845 1248 WinRM - ok
13:13:12.0955 1248 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
13:13:12.0970 1248 Wlansvc - ok
13:13:13.0048 1248 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:13:13.0048 1248 WmiAcpi - ok
13:13:13.0157 1248 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
13:13:13.0157 1248 wmiApSrv - ok
13:13:13.0189 1248 WMPNetworkSvc - ok
13:13:13.0267 1248 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:13:13.0267 1248 WPCSvc - ok
13:13:13.0329 1248 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
13:13:13.0329 1248 WPDBusEnum - ok
13:13:13.0391 1248 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:13:13.0391 1248 WpdUsb - ok
13:13:13.0547 1248 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:13:13.0563 1248 WPFFontCache_v0400 - ok
13:13:13.0641 1248 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:13:13.0641 1248 ws2ifsl - ok
13:13:13.0703 1248 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
13:13:13.0703 1248 wscsvc - ok
13:13:13.0750 1248 WSearch - ok
13:13:13.0906 1248 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
13:13:13.0922 1248 wuauserv - ok
13:13:14.0015 1248 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:13:14.0015 1248 WUDFRd - ok
13:13:14.0062 1248 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
13:13:14.0062 1248 wudfsvc - ok
13:13:14.0140 1248 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
13:13:14.0140 1248 XAudio - ok
13:13:14.0171 1248 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
13:13:14.0187 1248 XAudioService - ok
13:13:14.0281 1248 yukonx64 (be950bff950ae6b22a9ee80bce55cc3a) C:\Windows\system32\DRIVERS\yk60x64.sys
13:13:14.0296 1248 yukonx64 - ok
13:13:14.0312 1248 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
13:13:14.0343 1248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:13:14.0343 1248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:13:14.0374 1248 Boot (0x1200) (9493ae7d2ff0bf8ad6794d1e7978f0db) \Device\Harddisk0\DR0\Partition0
13:13:14.0374 1248 \Device\Harddisk0\DR0\Partition0 - ok
13:13:14.0374 1248 ============================================================
13:13:14.0374 1248 Scan finished
13:13:14.0374 1248 ============================================================
13:13:14.0390 4424 Detected object count: 1
13:13:14.0390 4424 Actual detected object count: 1
13:13:27.0229 4424 \Device\Harddisk0\DR0\# - copied to quarantine
13:13:27.0229 4424 \Device\Harddisk0\DR0 - copied to quarantine
13:13:27.0260 4424 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:13:27.0260 4424 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:13:27.0260 4424 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:13:27.0275 4424 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:13:27.0275 4424 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:13:27.0291 4424 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:13:27.0291 4424 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:13:27.0307 4424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:13:27.0307 4424 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:13:27.0307 4424 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:13:27.0307 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:13:27.0307 4424 \Device\Harddisk0\DR0 - ok
13:13:27.0650 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:13:43.0687 2436 Deinitialize success



I'm not sure if aswMBR ran a complete scan. To me it appeared to lock up on the last entry:
scanning c:\users\owner\AppData\Roaming\pcouffin.sys
but the options were available for saving the log so that was what I did and here it is.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 13:17:15
-----------------------------
13:17:15.061 OS Version: Windows x64 6.0.6002 Service Pack 2
13:17:15.061 Number of processors: 2 586 0x170A
13:17:15.061 ComputerName: OWNER-PC UserName: owner
13:17:16.870 Initialize success
13:18:23.068 AVAST engine defs: 12032602
13:18:38.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:18:38.434 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
13:18:38.450 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
13:18:38.450 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
13:18:38.450 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005b
13:18:38.450 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
13:18:38.497 Disk 0 MBR read successfully
13:18:38.512 Disk 0 MBR scan
13:18:38.512 Disk 0 Windows VISTA default MBR code
13:18:38.559 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10539 MB offset 2048
13:18:38.653 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 227934 MB offset 21585920
13:18:38.777 Disk 0 scanning C:\Windows\system32\drivers
13:19:11.849 Service scanning
13:20:00.053 Modules scanning
13:20:00.053 Disk 0 trace - called modules:
13:20:00.069 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys
13:20:00.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d7790]
13:20:00.085 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> [0xfffffa8004b8fa90]
13:20:00.085 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c15050]
13:20:01.411 AVAST engine scan C:\Windows
13:20:14.858 AVAST engine scan C:\Windows\system32
13:26:49.335 AVAST engine scan C:\Windows\system32\drivers
13:27:35.402 AVAST engine scan C:\Users\owner
13:43:39.934 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
13:43:39.950 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:30 AM

Posted 26 March 2012 - 03:58 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 26 March 2012 - 05:36 PM

Here is the report:
Just curious, is it normal when looking at task stream for my computer to say in the physical memory box (Total 3962, Cached 2735, Free 11)?



ComboFix 12-03-26.02 - owner 03/26/2012 14:06:03.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2305 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 21:28 . 2012-03-26 21:28 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-03-26 21:28 . 2012-03-26 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 20:13 . 2012-03-26 20:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 22:55 . 2012-03-23 22:55 -------- d-----w- c:\users\owner\2012-03-23 Washington fingerprints
2012-03-23 22:54 . 2012-03-23 22:54 -------- d-----w- c:\users\owner\2012-03-23 oregon fingerprints
2012-03-23 20:14 . 2012-03-23 20:14 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment6
2012-03-23 20:13 . 2012-03-23 20:13 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment5
2012-03-23 20:12 . 2012-03-23 20:12 -------- d-----w- c:\users\owner\2012-03-23 Jim Final Assessment4
2012-03-23 20:11 . 2012-03-23 20:11 -------- d-----w- c:\users\owner\2012-03-23 jim final assessment3
2012-03-23 20:10 . 2012-03-23 20:10 -------- d-----w- c:\users\owner\2012-03-23 Jim Final assessment2
2012-03-23 20:09 . 2012-03-23 20:09 -------- d-----w- c:\users\owner\2012-03-23 Jim final assessment
2012-03-23 19:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA98027C-ECFE-47F8-ADDC-B4A9BD1E1720}\mpengine.dll
2012-03-21 21:20 . 2012-03-21 21:20 -------- d-----w- c:\users\owner\2012-03-21 Washington fingerprints
2012-03-21 21:17 . 2012-03-21 21:17 -------- d-----w- c:\users\owner\2012-03-21 Orella
2012-03-21 21:15 . 2012-03-21 21:15 -------- d-----w- c:\users\owner\2012-03-21 Tarleton transcript
2012-03-21 21:13 . 2012-03-21 21:13 -------- d-----w- c:\users\owner\2012-03-21 Clark Transcript
2012-03-21 21:10 . 2012-03-21 21:10 -------- d-----w- c:\users\owner\2012-03-21 WA temporary license
2012-03-21 21:04 . 2012-03-21 21:04 -------- d-----w- c:\users\owner\2012-03-21 Masters Degree
2012-03-21 20:55 . 2012-03-21 20:55 -------- d-----w- c:\users\owner\2012-03-21 BS-P
2012-03-21 20:54 . 2012-03-21 20:54 -------- d-----w- c:\users\owner\2012-03-21 OR teaching certificate back
2012-03-21 20:52 . 2012-03-21 20:52 -------- d-----w- c:\users\owner\2012-03-21 OR teaching license
2012-03-21 20:50 . 2012-03-21 20:50 -------- d-----w- c:\users\owner\2012-03-21 Paul Letter of recommendation
2012-03-21 20:47 . 2012-03-21 20:47 -------- d-----w- c:\users\owner\2012-03-21 cecilia letter of recommendation
2012-03-21 20:46 . 2012-03-21 20:46 -------- d-----w- c:\users\owner\2012-03-21 Jim letter of recommenation
2012-03-21 20:45 . 2012-03-21 20:45 -------- d-----w- c:\users\owner\2012-03-21 transcript 2
2012-03-21 20:44 . 2012-03-21 20:44 -------- d-----w- c:\users\owner\2012-03-21 transcript 1
2012-03-13 21:18 . 2012-02-02 15:34 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:18 . 2012-02-14 16:49 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:18 . 2012-02-14 15:45 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:18 . 2012-02-13 14:38 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:18 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:18 . 2012-02-13 14:03 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:18 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:18 . 2012-02-14 16:49 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:18 . 2012-02-14 15:45 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:18 . 2012-02-13 14:06 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:18 . 2012-02-13 13:47 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 21:18 . 2012-01-31 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-03-13 21:18 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 18:15 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 18:15 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 18:15 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2009-11-28 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 14:25 . 2012-02-16 17:22 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_19.19.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-03-26 20:16 63228 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-03-26 20:16 78348 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-11 19:27 . 2012-03-26 15:15 19380 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1087568233-3526310257-1928379181-1000_UserData.bin
+ 2009-02-11 19:27 . 2012-03-26 20:16 19380 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1087568233-3526310257-1928379181-1000_UserData.bin
+ 2012-03-26 20:14 . 2012-03-26 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 15:13 . 2012-03-26 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 20:14 . 2012-03-26 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-26 15:13 . 2012-03-26 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-10 07:07 . 2012-03-26 20:13 394368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-10 07:07 . 2012-03-26 04:17 394368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-24 05:53 . 2012-03-26 20:13 1407996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1087568233-3526310257-1928379181-1000-8192.dat
- 2011-03-24 05:53 . 2012-03-26 04:17 1407996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1087568233-3526310257-1928379181-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-3 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-12-09 17:27 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 04:32 317280 ----a-w- c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre1.6.0\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2008-06-26 21:42 16384 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 19:21 385024 ----a-w- c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-05-20 21:48 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087568233-3526310257-1928379181-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 22:28]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087568233-3526310257-1928379181-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 22:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.11.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\r7j536r8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-26 14:36:59
ComboFix-quarantined-files.txt 2012-03-26 21:36
ComboFix2.txt 2012-03-26 19:23
.
Pre-Run: 64,187,273,216 bytes free
Post-Run: 64,274,284,544 bytes free
.
- - End Of File - - 19BCA2DBBC4A9046E251EBF10BC4E3D0
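Two things in the logs posted above are worth being able to pick out quickly: the TDSSKiller verdict lines (the `\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected` line and the `copied to quarantine` entries under `\TDLFS\`, the rootkit's hidden file store) and the `c:\windows\svchost.exe` that ComboFix listed under "Other Deletions", a copy of a core Windows binary sitting outside `System32`. The following Python is an added example written for this thread, not code from TDSSKiller, ComboFix or the original posts. It parses TDSSKiller-style verdict lines into findings, actions and clean results, and flags core-binary names that live outside the real system directories. The sample log lines and paths are constructed from the formats shown in the thread, and the check assumes the Windows directory is `C:\Windows` (a hypothetical `SYSTEM_DIRS` table; adjust for `%SystemRoot%` on other installs).

```python
"""Triage helpers for the scanner logs posted in this thread (added example)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller verdict line: "HH:MM:SS.mmmm PID object [( threat )] - verdict".
# Inventory lines (object, md5 in parentheses, path) have no " - " and do not match.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?)\s+(?:\(\s*(?P<threat>[^)]+?)\s*\)\s+)?-\s+(?P<verdict>.+)$"
)


@dataclass
class Verdict:
    time: str
    pid: int
    obj: str
    verdict: str
    threat: Optional[str]
    kind: str  # "clean", "finding" or "action"


def classify(verdict: str) -> str:
    """Bucket a verdict: 'ok' is clean, infected/detected/suspicious are findings,
    everything else (quarantine copies, cure on reboot, user choice) is an action."""
    v = verdict.lower()
    if v == "ok":
        return "clean"
    if v.startswith(("infected", "detected", "suspicious")):
        return "finding"
    return "action"


def parse_line(line: str) -> Optional[Verdict]:
    """Return a Verdict for a verdict line, or None for inventory/banner lines."""
    m = VERDICT_RE.match(line.strip())
    if not m:
        return None
    verdict = m.group("verdict").strip()
    threat = m.group("threat")
    # "detected Rootkit.Boot.Pihar.b (0)" carries the name in the verdict itself.
    if threat is None and verdict.lower().startswith("detected "):
        threat = verdict.split()[1]
    return Verdict(m.group("time"), int(m.group("pid")), m.group("object"),
                   verdict, threat, classify(verdict))


def summarize(lines: List[str]) -> Dict[str, List[Verdict]]:
    """Group every verdict line in a log by kind; non-verdict lines are skipped."""
    out: Dict[str, List[Verdict]] = {"clean": [], "finding": [], "action": []}
    for line in lines:
        v = parse_line(line)
        if v is not None:
            out[v.kind].append(v)
    return out


# Assumption: a standard install with the Windows directory at C:\Windows.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Names of core binaries that only legitimately live in the directories above.
CORE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}


def is_misplaced_core_binary(path: str) -> bool:
    """True when a core-binary name sits outside System32/SysWOW64 (case-insensitive)."""
    p = ntpath.normpath(path).lower()
    if ntpath.basename(p) not in CORE_NAMES:
        return False
    return ntpath.dirname(p) not in SYSTEM_DIRS


def misplaced_core_binaries(paths: List[str]) -> List[str]:
    return [p for p in paths if is_misplaced_core_binary(p)]


# Constructed sample input in the format of the TDSSKiller log above.
SAMPLE_TDSSKILLER_LINES = [
    r"13:13:08.0353 1248 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll",
    r"13:13:08.0353 1248 THREADORDER - ok",
    r"13:13:14.0312 1248 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0",
    r"13:13:14.0343 1248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected",
    r"13:13:14.0343 1248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)",
    r"13:13:27.0229 4424 \Device\Harddisk0\DR0 - copied to quarantine",
    r"13:13:27.0260 4424 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine",
    r"13:13:27.0307 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot",
    r"13:13:27.0307 4424 \Device\Harddisk0\DR0 - ok",
    r"13:13:43.0687 2436 Deinitialize success",
]

# Constructed sample paths; the third is the file ComboFix listed under "Other Deletions".
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"c:\windows\svchost.exe",
    r"C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe",
]

if __name__ == "__main__":
    report = summarize(SAMPLE_TDSSKILLER_LINES)
    for v in report["finding"]:
        print(f"FINDING  {v.obj}  {v.threat}  ({v.verdict})")
    for v in report["action"]:
        print(f"ACTION   {v.obj}  {v.verdict}")
    for p in misplaced_core_binaries(SAMPLE_PATHS):
        print(f"MISPLACED core binary: {p}")
```

On a live system the path list would come from `tasklist /v`, WMI or a file-system walk rather than the constructed `SAMPLE_PATHS`; the parser is deliberately strict about the ` - verdict` separator so that inventory lines with md5 hashes and paths are never misread as findings.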

#10 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 26 March 2012 - 06:21 PM

One thing I have noticed of late, which hasn't changed over the course of the debugging, is that my fan runs quite a lot. I have had issues with Sony Vaio before and their fans going kaput, but I feel like the change in fan began about the same time as the whole computer slowing down and acting wonky.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:30 AM

Posted 26 March 2012 - 08:26 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 24
  • Search Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 26 March 2012 - 10:23 PM

MBAM Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

3/26/2012 8:03:14 PM
mbam-log-2012-03-26 (20-03-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194389
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:30 PM, on 3/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxbk_device - Unknown owner - C:\Windows\system32\lxbkcoms.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9941 bytes

A couple things:
1) When I was running Revo Uninstaller for "Search Bar" the following message popped up: "running the applications uninstaller failed! Possible Invalid uninstall command!" I clicked okay and it finished the process (at least it looked that way).
2) When loading CCleaner I completely forgot to uncheck the Yahoo toolbar.
3) MBAM came back clean and gave me no options to remove anything.
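As an added example (not code from this thread, from HijackThis or from Malwarebytes), the following Python script parses the O2, O4 and O23 line formats from the log above and flags the entries a responder looks at first: Run-key and Startup-folder autostarts, BHOs with no backing file, and services reported with a missing binary or an unknown owner. The sample lines embedded in it are copied from the posted log; the regexes, the Entry type and the flag names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not thread code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: MRI_DISABLED
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: lxbk_device - Unknown owner - C:\Windows\system32\lxbkcoms.exe (file missing)
"""

# Line shapes as they appear in HijackThis 2.0.x output (regexes are my own).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\S+) - (?P<path>.*)$")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.*?)(?: = (?P<cmd>.*))?$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# First .exe in a command line, with or without surrounding quotes; arguments are dropped.
RE_EXE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "O2", "O4" or "O23"
    name: str                    # BHO name, Run value name or service name
    path: Optional[str]          # backing file if one could be recovered
    flags: List[str] = field(default_factory=list)


def extract_executable(cmd: str) -> Optional[str]:
    """Return the .exe path from an O4 command line, or None if there is none."""
    m = RE_EXE.match(cmd.strip())
    return m["exe"] if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O4/O23 line; lines from other sections return None."""
    line = line.strip()
    if (m := RE_O4_RUN.match(line)) or (m := RE_O4_STARTUP.match(line)):
        cmd = m.groupdict().get("cmd")
        # Every O4 entry runs at logon, so each one is worth a look.
        return Entry("O4", m["name"], extract_executable(cmd) if cmd else None, ["autostart"])
    if m := RE_O2.match(line):
        # A BHO whose DLL is gone is a leftover registration, not an active component.
        if m["path"] == "(no file)":
            return Entry("O2", m["name"], None, ["no_file"])
        return Entry("O2", m["name"], m["path"])
    if m := RE_O23.match(line):
        path, flags = m["path"], []
        if path.endswith("(file missing)"):
            flags.append("file_missing")
            path = path[: -len("(file missing)")].strip()
        if m["vendor"] == "Unknown owner":
            flags.append("unknown_owner")
        return Entry("O23", m["name"], path, flags)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def summarize(text: str) -> dict:
    """Count how many entries carry each flag."""
    counts: dict = {}
    for e in parse_log(text):
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4}{','.join(e.flags):<24}{e.name:<20}{e.path or '-'}")
    print(summarize(SAMPLE_LOG))
```

A flag is a prompt to look, not a verdict: the many Windows services shown as (file missing) in the full log above are a known artifact of running the 32-bit HijackThis 2.0.4 on 64-bit Windows (file-system redirection hides the 64-bit System32 binaries from it), which is why the responder in this thread leaves them alone and only asks about the O4 autostarts.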


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:30 AM

Posted 26 March 2012 - 10:26 PM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: MRI_DISABLED
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 kmcelroy

kmcelroy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 27 March 2012 - 12:33 AM

I ran the scan (which took over an hour and a half!) and it showed I had 8 infected files, several had the word trojan next to them, but when the scan finished the list went away and all that was left was a brief synopsis along with the "finish" button. I hit the "finish" button thinking there would be yet another screen that would give me the log but it was only an advertisement to try a 30 day trial or to purchase, there was no back button and no option to view or save the log, in fact no log came up. I went to run the scan again and it says my Windows Defender is running and could be messing up the scan, when I went to open Windows Defender it said the "application failed to initialize: 0x800106ba. A problem caused this program service to stop. To start the service, restart your computer or search help and support for how to start a service manually."

Give me some guidance Obi-wan and I will get after it in the morning.

Thanks for everything you are doing,
KMcElroy


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:30 AM

Posted 27 March 2012 - 05:33 AM

Hello

I have attached a file here. I want you to run it, and when asked to merge into the registry, allow it.



F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

  In Internet Explorer
  • It will require an ActiveX control, please install it
  • Click Accept

  In Firefox
  • It will require an Add-on to be installed, please install it
  • In order to install the Add-on, Firefox needs to be restarted, please do so

  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic

Gringo



