
Google redirects me to spam


  • This topic is locked
62 replies to this topic

#1 beth819

  • Members
  • 175 posts

Posted 30 April 2012 - 02:01 AM

Hello,

I was having someone help me in the "am i infected" forum here:


http://www.bleepingcomputer.com/forums/topic451457.html/page__p__2678694__fromsearch__1


When I go to search something in google/yahoo, clicking a normal link redirects me to a random/spam page. So far I've used security check, fss, minitoolbox, malwarebytes, etc as posted in the link above. I thought after doing all that it solved the problem, but as I posted it just happened again.

Thanks for your help!















.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 10.1.0
Run by Owner at 1:34:30 on 2012-04-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.907 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Windows\system32\dlcjcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: : {cbb66a7c-d257-4a02-a8d5-6c9355f91308} - c:\progra~1\onlywi~1\ONLYWI~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: Onlywire Toolbar: {73e71843-3a3d-4b26-ab6e-0adcee4b5fa7} - c:\progra~1\onlywi~1\ONLYWI~1.DLL
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6289DE1E-2EC3-49F1-822D-ADD5B2CFD6FA} : DhcpNameServer = 209.55.5.10 209.55.5.11
TCP: Interfaces\{B5137B2B-946F-4AF2-8207-2187F2F1E708} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E4F4B571-F7E7-4D40-ADB1-64058D907075} : DhcpNameServer = 209.55.5.10 209.55.5.11
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\b0rth9k8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-20 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-20 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-11-15 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-24 24652]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-10-30 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-10-30 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-26 136176]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-15 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-15 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-15 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-10-31 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-10-31 79136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2008-3-24 79616]
.
=============== Created Last 30 ================
.
2012-04-29 19:16:35 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bfece3b3-96dc-46f4-a641-aa3ec6b5140e}\offreg.dll
2012-04-28 02:56:16 -------- d-----w- c:\program files\ESET
2012-04-27 06:03:41 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bfece3b3-96dc-46f4-a641-aa3ec6b5140e}\mpengine.dll
2012-04-26 18:56:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-22 22:50:14 -------- d-----w- c:\program files\iPod
2012-04-14 19:20:02 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-12 07:21:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:21:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:21:42 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:21:42 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:19:05 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:19:05 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 18:31:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 19:20:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-28 11:30:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:36:43.37 ===============



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 April 2012 - 03:09 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 beth819

  • Topic Starter

  • Members
  • 175 posts

Posted 30 April 2012 - 03:19 AM

Hi Gringo,

I already ran Security Check in my previous post. Should I just include that log after I run ComboFix, or do you want me to run Security Check again?

Thanks,
Beth

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 April 2012 - 03:48 AM

go ahead and run it again - it will not hurt



gringo

#5 beth819

  • Topic Starter

  • Members
  • 175 posts

Posted 01 May 2012 - 01:22 AM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
SonicStage Mastering Studio Audio Filter Custom Preset
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Secunia PSI (2.0.0.4003)
Java™ 7 Update 1
Out of date Java installed!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````



ComboFix 12-04-31.03 - Owner 05/01/2012 2:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1009 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-04-28 02:56 . 2012-04-28 02:56 -------- d-----w- c:\program files\ESET
2012-04-27 06:03 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFECE3B3-96DC-46F4-A641-AA3EC6B5140E}\mpengine.dll
2012-04-26 18:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-22 22:50 . 2012-04-22 22:50 -------- d-----w- c:\program files\iPod
2012-04-14 19:20 . 2012-04-14 19:20 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-12 07:21 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:21 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:21 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:21 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:19 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:19 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-04 18:31 . 2012-04-14 19:20 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 19:20 . 2011-05-14 17:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-02-20 06:37 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-14 00:57 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 00:57 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 00:57 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 00:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 00:57 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-14 00:57 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 06:00 . 2011-05-16 23:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 20:25 605888 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"DLCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-20 73728]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-19 12:19 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-19 12:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-19 12:20 137752 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 21:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 23:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:20]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 20:00]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 20:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b0rth9k8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 02:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\users\Owner\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2920)
c:\ddi\overicon.dll
.
Completion time: 2012-05-01 02:14:26
ComboFix-quarantined-files.txt 2012-05-01 06:14
.
Pre-Run: 125,601,185,792 bytes free
Post-Run: 125,585,928,192 bytes free
.
- - End Of File - - 44179E3846FE7C40A5EB061290707C88



No problems running combo fix. I'm not sure how my computer is now. I thought it was fine the first time I followed the steps in the previous post, but then I got another redirect. So I'm not able to tell right away because the redirect happens randomly.

#6 gringo_pr


Posted 01 May 2012 - 02:15 AM

Greetings Beth

If you get another redirect I would like to know which browser you were using and where you were redirected to.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 beth819


Posted 01 May 2012 - 07:27 PM

Hi, I'm running aswMBR, but I don't know how to tell when it's done? The bottom line says scanning c:\, but there's an option to save log and exit. The scan button and fix are in grey and not clickable.

#8 beth819


Posted 01 May 2012 - 08:04 PM

19:55:49.0026 1452 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:55:49.0419 1452 ============================================================
19:55:49.0419 1452 Current date / time: 2012/05/01 19:55:49.0419
19:55:49.0419 1452 SystemInfo:
19:55:49.0419 1452
19:55:49.0419 1452 OS Version: 6.0.6002 ServicePack: 2.0
19:55:49.0419 1452 Product type: Workstation
19:55:49.0419 1452 ComputerName: OWNER-PC
19:55:49.0420 1452 UserName: Owner
19:55:49.0420 1452 Windows directory: C:\Windows
19:55:49.0420 1452 System windows directory: C:\Windows
19:55:49.0420 1452 Processor architecture: Intel x86
19:55:49.0420 1452 Number of processors: 2
19:55:49.0420 1452 Page size: 0x1000
19:55:49.0420 1452 Boot type: Normal boot
19:55:49.0420 1452 ============================================================
19:55:50.0431 1452 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:55:50.0452 1452 ============================================================
19:55:50.0452 1452 \Device\Harddisk0\DR0:
19:55:50.0453 1452 MBR partitions:
19:55:50.0453 1452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD3000, BlocksNum 0x164CB9B0
19:55:50.0453 1452 ============================================================
19:55:50.0494 1452 C: <-> \Device\Harddisk0\DR0\Partition0
19:55:50.0495 1452 ============================================================
19:55:50.0495 1452 Initialize success
19:55:50.0495 1452 ============================================================
19:56:00.0641 0704 ============================================================
19:56:00.0641 0704 Scan started
19:56:00.0641 0704 Mode: Manual;
19:56:00.0641 0704 ============================================================
19:56:16.0872 0704 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:56:16.0917 0704 NDProxy - ok
19:56:16.0941 0704 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:56:16.0970 0704 NetBIOS - ok
19:56:17.0012 0704 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:56:17.0051 0704 netbt - ok
19:56:17.0084 0704 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:56:17.0087 0704 Netlogon - ok
19:56:17.0137 0704 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:56:17.0152 0704 Netman - ok
19:56:17.0230 0704 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:56:17.0235 0704 netprofm - ok
19:56:17.0305 0704 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:56:17.0319 0704 NetTcpPortSharing - ok
19:56:17.0481 0704 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
19:56:17.0593 0704 NETw3v32 - ok
19:56:17.0934 0704 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:56:18.0071 0704 NETw4v32 - ok
19:56:18.0192 0704 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:56:18.0200 0704 nfrd960 - ok
19:56:18.0244 0704 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:56:18.0258 0704 NlaSvc - ok
19:56:18.0288 0704 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:56:18.0316 0704 Npfs - ok
19:56:18.0350 0704 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:56:18.0358 0704 nsi - ok
19:56:18.0403 0704 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:56:18.0426 0704 nsiproxy - ok
19:56:18.0543 0704 NSUService (510320ec1933ef2eaba71bf9e6635f31) C:\Program Files\Sony\Network Utility\NSUService.exe
19:56:18.0553 0704 NSUService - ok
19:56:18.0656 0704 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:56:18.0764 0704 Ntfs - ok
19:56:18.0788 0704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:56:18.0811 0704 ntrigdigi - ok
19:56:18.0852 0704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:56:18.0857 0704 Null - ok
19:56:18.0888 0704 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:56:18.0938 0704 nvraid - ok
19:56:18.0957 0704 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:56:18.0979 0704 nvstor - ok
19:56:19.0010 0704 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:56:19.0023 0704 nv_agp - ok
19:56:19.0031 0704 NwlnkFlt - ok
19:56:19.0041 0704 NwlnkFwd - ok
19:56:19.0165 0704 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:56:19.0198 0704 odserv - ok
19:56:19.0241 0704 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:56:19.0251 0704 ohci1394 - ok
19:56:19.0299 0704 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:56:19.0312 0704 ose - ok
19:56:19.0394 0704 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:56:19.0478 0704 p2pimsvc - ok
19:56:19.0493 0704 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:56:19.0503 0704 p2psvc - ok
19:56:19.0568 0704 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
19:56:19.0596 0704 PACSPTISVR - ok
19:56:19.0635 0704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:56:19.0668 0704 Parport - ok
19:56:19.0705 0704 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:56:19.0727 0704 partmgr - ok
19:56:19.0754 0704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:56:19.0779 0704 Parvdm - ok
19:56:19.0820 0704 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:56:19.0830 0704 PcaSvc - ok
19:56:19.0869 0704 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:56:19.0902 0704 pci - ok
19:56:19.0922 0704 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
19:56:19.0944 0704 pciide - ok
19:56:19.0981 0704 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
19:56:20.0014 0704 pcmcia - ok
19:56:20.0132 0704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:56:20.0217 0704 PEAUTH - ok
19:56:20.0381 0704 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:56:20.0443 0704 pla - ok
19:56:20.0604 0704 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:56:20.0619 0704 PlugPlay - ok
19:56:20.0698 0704 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:56:20.0706 0704 PNRPAutoReg - ok
19:56:20.0718 0704 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:56:20.0727 0704 PNRPsvc - ok
19:56:20.0776 0704 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:56:20.0809 0704 PolicyAgent - ok
19:56:20.0865 0704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:56:20.0904 0704 PptpMiniport - ok
19:56:20.0944 0704 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:56:20.0969 0704 Processor - ok
19:56:21.0011 0704 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:56:21.0026 0704 ProfSvc - ok
19:56:21.0050 0704 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:56:21.0053 0704 ProtectedStorage - ok
19:56:21.0098 0704 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
19:56:21.0111 0704 ProtexisLicensing - ok
19:56:21.0147 0704 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:56:21.0158 0704 PSched - ok
19:56:21.0207 0704 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
19:56:21.0235 0704 PSI - ok
19:56:21.0266 0704 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
19:56:21.0277 0704 PxHelp20 - ok
19:56:21.0359 0704 QBCFMonitorService (fad2dd41b0c6da123106afc8098705ac) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
19:56:21.0365 0704 QBCFMonitorService - ok
19:56:21.0399 0704 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
19:56:21.0410 0704 QBFCService - ok
19:56:21.0467 0704 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
19:56:21.0547 0704 QCDonner - ok
19:56:21.0671 0704 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:56:21.0734 0704 ql2300 - ok
19:56:21.0765 0704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:56:21.0804 0704 ql40xx - ok
19:56:21.0865 0704 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:56:21.0881 0704 QWAVE - ok
19:56:21.0919 0704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:56:21.0926 0704 QWAVEdrv - ok
19:56:21.0953 0704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:56:21.0972 0704 RasAcd - ok
19:56:22.0017 0704 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:56:22.0030 0704 RasAuto - ok
19:56:22.0062 0704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:56:22.0110 0704 Rasl2tp - ok
19:56:22.0164 0704 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:56:22.0178 0704 RasMan - ok
19:56:22.0214 0704 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:56:22.0242 0704 RasPppoe - ok
19:56:22.0278 0704 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:56:22.0286 0704 RasSstp - ok
19:56:22.0325 0704 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:56:22.0378 0704 rdbss - ok
19:56:22.0410 0704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:56:22.0415 0704 RDPCDD - ok
19:56:22.0462 0704 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:56:22.0494 0704 rdpdr - ok
19:56:22.0500 0704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:56:22.0507 0704 RDPENCDD - ok
19:56:22.0562 0704 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:56:22.0590 0704 RDPWD - ok
19:56:22.0623 0704 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
19:56:22.0629 0704 regi - ok
19:56:22.0679 0704 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:56:22.0693 0704 RemoteAccess - ok
19:56:22.0731 0704 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:56:22.0743 0704 RemoteRegistry - ok
19:56:22.0773 0704 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:56:22.0780 0704 RpcLocator - ok
19:56:22.0851 0704 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:56:22.0859 0704 RpcSs - ok
19:56:22.0894 0704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:56:22.0902 0704 rspndr - ok
19:56:22.0924 0704 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:56:22.0927 0704 SamSs - ok
19:56:22.0971 0704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:56:22.0981 0704 sbp2port - ok
19:56:23.0043 0704 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:56:23.0055 0704 SCardSvr - ok
19:56:23.0129 0704 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:56:23.0199 0704 Schedule - ok
19:56:23.0216 0704 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:56:23.0217 0704 SCPolicySvc - ok
19:56:23.0261 0704 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:56:23.0273 0704 SDRSVC - ok
19:56:23.0299 0704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:56:23.0321 0704 secdrv - ok
19:56:23.0352 0704 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:56:23.0361 0704 seclogon - ok
19:56:23.0492 0704 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
19:56:23.0593 0704 Secunia PSI Agent - ok
19:56:23.0645 0704 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
19:56:23.0661 0704 Secunia Update Agent - ok
19:56:23.0798 0704 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:56:23.0802 0704 SENS - ok
19:56:23.0843 0704 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:56:23.0866 0704 Serenum - ok
19:56:23.0898 0704 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:56:23.0908 0704 Serial - ok
19:56:23.0954 0704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:56:23.0976 0704 sermouse - ok
19:56:24.0026 0704 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:56:24.0039 0704 SessionEnv - ok
19:56:24.0076 0704 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
19:56:24.0100 0704 SFEP - ok
19:56:24.0126 0704 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:56:24.0149 0704 sffdisk - ok
19:56:24.0175 0704 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:56:24.0202 0704 sffp_mmc - ok
19:56:24.0225 0704 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:56:24.0245 0704 sffp_sd - ok
19:56:24.0284 0704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
19:56:24.0291 0704 sfloppy - ok
19:56:24.0340 0704 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:56:24.0384 0704 SharedAccess - ok
19:56:24.0431 0704 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:56:24.0445 0704 ShellHWDetection - ok
19:56:24.0473 0704 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:56:24.0498 0704 sisagp - ok
19:56:24.0522 0704 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:56:24.0552 0704 SiSRaid2 - ok
19:56:24.0575 0704 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:56:24.0605 0704 SiSRaid4 - ok
19:56:24.0875 0704 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:56:24.0994 0704 slsvc - ok
19:56:25.0145 0704 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:56:25.0157 0704 SLUINotify - ok
19:56:25.0212 0704 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:56:25.0221 0704 Smb - ok
19:56:25.0258 0704 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:56:25.0266 0704 SNMPTRAP - ok
19:56:25.0299 0704 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
19:56:25.0322 0704 speedfan - ok
19:56:25.0357 0704 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:56:25.0365 0704 spldr - ok
19:56:25.0400 0704 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:56:25.0412 0704 Spooler - ok
19:56:25.0489 0704 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
19:56:25.0517 0704 SPTISRV - ok
19:56:25.0572 0704 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:56:25.0632 0704 srv - ok
19:56:25.0685 0704 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:56:25.0716 0704 srv2 - ok
19:56:25.0745 0704 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:56:25.0777 0704 srvnet - ok
19:56:25.0823 0704 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:56:25.0836 0704 SSDPSRV - ok
19:56:25.0883 0704 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:56:25.0904 0704 ssmdrv - ok
19:56:25.0951 0704 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:56:25.0963 0704 SstpSvc - ok
19:56:26.0036 0704 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:56:26.0095 0704 stisvc - ok
19:56:26.0122 0704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:56:26.0130 0704 swenum - ok
19:56:26.0172 0704 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:56:26.0188 0704 swprv - ok
19:56:26.0221 0704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:56:26.0243 0704 Symc8xx - ok
19:56:26.0264 0704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:56:26.0291 0704 Sym_hi - ok
19:56:26.0321 0704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:56:26.0349 0704 Sym_u3 - ok
19:56:26.0417 0704 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:56:26.0444 0704 SysMain - ok
19:56:26.0479 0704 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:56:26.0490 0704 TabletInputService - ok
19:56:26.0547 0704 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:56:26.0562 0704 TapiSrv - ok
19:56:26.0590 0704 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:56:26.0600 0704 TBS - ok
19:56:26.0698 0704 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:56:26.0759 0704 Tcpip - ok
19:56:26.0777 0704 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:56:26.0785 0704 Tcpip6 - ok
19:56:26.0810 0704 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:56:26.0817 0704 tcpipreg - ok
19:56:26.0856 0704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:56:26.0863 0704 TDPIPE - ok
19:56:26.0886 0704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:56:26.0909 0704 TDTCP - ok
19:56:26.0939 0704 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:56:26.0948 0704 tdx - ok
19:56:26.0971 0704 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:56:26.0982 0704 TermDD - ok
19:56:27.0051 0704 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:56:27.0075 0704 TermService - ok
19:56:27.0120 0704 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:56:27.0126 0704 Themes - ok
19:56:27.0153 0704 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:56:27.0156 0704 THREADORDER - ok
19:56:27.0246 0704 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
19:56:27.0329 0704 ti21sony - ok
19:56:27.0354 0704 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:56:27.0365 0704 TrkWks - ok
19:56:27.0419 0704 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:56:27.0427 0704 TrustedInstaller - ok
19:56:27.0460 0704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:56:27.0496 0704 tssecsrv - ok
19:56:27.0533 0704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:56:27.0552 0704 tunmp - ok
19:56:27.0578 0704 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:56:27.0606 0704 tunnel - ok
19:56:27.0642 0704 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:56:27.0683 0704 uagp35 - ok
19:56:27.0727 0704 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:56:27.0741 0704 udfs - ok
19:56:27.0781 0704 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:56:27.0791 0704 UI0Detect - ok
19:56:27.0815 0704 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:56:27.0838 0704 uliagpkx - ok
19:56:27.0880 0704 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:56:27.0921 0704 uliahci - ok
19:56:27.0954 0704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:56:27.0991 0704 UlSata - ok
19:56:28.0018 0704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:56:28.0030 0704 ulsata2 - ok
19:56:28.0060 0704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:56:28.0067 0704 umbus - ok
19:56:28.0118 0704 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:56:28.0134 0704 upnphost - ok
19:56:28.0166 0704 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
19:56:28.0194 0704 USBAAPL - ok
19:56:28.0246 0704 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:56:28.0271 0704 usbaudio - ok
19:56:28.0329 0704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:56:28.0338 0704 usbccgp - ok
19:56:28.0394 0704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:56:28.0422 0704 usbcir - ok
19:56:28.0458 0704 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:56:28.0481 0704 usbehci - ok
19:56:28.0520 0704 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:56:28.0554 0704 usbhub - ok
19:56:28.0572 0704 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:56:28.0596 0704 usbohci - ok
19:56:28.0632 0704 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:56:28.0660 0704 usbprint - ok
19:56:28.0697 0704 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:56:28.0723 0704 usbscan - ok
19:56:28.0747 0704 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:56:28.0777 0704 USBSTOR - ok
19:56:28.0817 0704 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:56:28.0836 0704 usbuhci - ok
19:56:28.0886 0704 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:56:28.0931 0704 usbvideo - ok
19:56:28.0966 0704 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:56:28.0975 0704 UxSms - ok
19:56:29.0073 0704 VAIO Entertainment TV Device Arbitration Service (afbcd738df9de3b6d71afc704e7f27fb) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
19:56:29.0115 0704 VAIO Entertainment TV Device Arbitration Service - ok
19:56:29.0195 0704 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
19:56:29.0207 0704 VAIO Event Service - ok
19:56:29.0438 0704 VAIOMediaPlatform-IntegratedServer-AppServer (4b8f85bfc82b849d52fd4f3f32259dbc) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
19:56:29.0654 0704 VAIOMediaPlatform-IntegratedServer-AppServer - ok
19:56:29.0774 0704 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:56:29.0822 0704 VAIOMediaPlatform-IntegratedServer-HTTP - ok
19:56:29.0944 0704 VAIOMediaPlatform-IntegratedServer-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:56:30.0097 0704 VAIOMediaPlatform-IntegratedServer-UPnP - ok
19:56:30.0164 0704 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
19:56:30.0247 0704 VAIOMediaPlatform-UCLS-AppServer - ok
19:56:30.0296 0704 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:56:30.0300 0704 VAIOMediaPlatform-UCLS-HTTP - ok
19:56:30.0387 0704 VAIOMediaPlatform-UCLS-UPnP (58558f3dc2fef127b697d1138a8d7afb) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:56:30.0398 0704 VAIOMediaPlatform-UCLS-UPnP - ok
19:56:30.0476 0704 VcmIAlzMgr (6ef45df2fcc4ae35c715a6c9b5c68b17) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
19:56:30.0515 0704 VcmIAlzMgr - ok
19:56:30.0611 0704 VcmXmlIfHelper (c4de5ba157fd83bbdaeb70ee27417e0e) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
19:56:30.0622 0704 VcmXmlIfHelper - ok
19:56:30.0631 0704 Vcsw - ok
19:56:30.0827 0704 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:56:30.0866 0704 vds - ok
19:56:30.0916 0704 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:56:30.0942 0704 vga - ok
19:56:30.0982 0704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:56:31.0009 0704 VgaSave - ok
19:56:31.0034 0704 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:56:31.0065 0704 viaagp - ok
19:56:31.0088 0704 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:56:31.0119 0704 ViaC7 - ok
19:56:31.0141 0704 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:56:31.0149 0704 viaide - ok
19:56:31.0218 0704 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
19:56:31.0224 0704 Viewpoint Manager Service - ok
19:56:31.0261 0704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:56:31.0271 0704 volmgr - ok
19:56:31.0321 0704 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:56:31.0356 0704 volmgrx - ok
19:56:31.0401 0704 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:56:31.0416 0704 volsnap - ok
19:56:31.0465 0704 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:56:31.0489 0704 vsmraid - ok
19:56:31.0600 0704 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:56:31.0667 0704 VSS - ok
19:56:31.0754 0704 VzCdbSvc (2e785f4f92c4c67cebb61dd55ed1f6a1) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
19:56:31.0768 0704 VzCdbSvc - ok
19:56:31.0784 0704 VzFw (2d876cad8c7ffb08179dff361ff851e6) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
19:56:31.0795 0704 VzFw - ok
19:56:31.0955 0704 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:56:31.0971 0704 W32Time - ok
19:56:32.0039 0704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:56:32.0067 0704 WacomPen - ok
19:56:32.0105 0704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:56:32.0141 0704 Wanarp - ok
19:56:32.0149 0704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:56:32.0151 0704 Wanarpv6 - ok
19:56:32.0193 0704 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
19:56:32.0217 0704 wanatw - ok
19:56:32.0267 0704 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:56:32.0299 0704 wcncsvc - ok
19:56:32.0331 0704 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:56:32.0341 0704 WcsPlugInService - ok
19:56:32.0364 0704 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:56:32.0386 0704 Wd - ok
19:56:32.0452 0704 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:56:32.0531 0704 Wdf01000 - ok
19:56:32.0566 0704 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:56:32.0570 0704 WdiServiceHost - ok
19:56:32.0575 0704 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:56:32.0580 0704 WdiSystemHost - ok
19:56:32.0617 0704 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:56:32.0630 0704 WebClient - ok
19:56:32.0663 0704 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:56:32.0677 0704 Wecsvc - ok
19:56:32.0712 0704 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:56:32.0717 0704 wercplsupport - ok
19:56:32.0760 0704 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:56:32.0773 0704 WerSvc - ok
19:56:32.0811 0704 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
19:56:32.0843 0704 WimFltr - ok
19:56:32.0930 0704 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:56:33.0003 0704 winachsf - ok
19:56:33.0105 0704 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:56:33.0119 0704 WinDefend - ok
19:56:33.0128 0704 WinHttpAutoProxySvc - ok
19:56:33.0198 0704 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:56:33.0208 0704 Winmgmt - ok
19:56:35.0479 0704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:56:35.0540 0704 \Device\Harddisk0\DR0 - ok
19:56:35.0545 0704 Boot (0x1200) (2f4989a9f577163a7c5cf3228990a37d) \Device\Harddisk0\DR0\Partition0
19:56:35.0547 0704 \Device\Harddisk0\DR0\Partition0 - ok
19:56:35.0552 0704 ============================================================
19:56:35.0552 0704 Scan finished
19:56:35.0552 0704 ============================================================
19:56:35.0571 5972 Detected object count: 0
19:56:35.0571 5972 Actual detected object count: 0
19:59:12.0868 4456 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 15:17:45
-----------------------------
15:17:45.317 OS Version: Windows 6.0.6002 Service Pack 2
15:17:45.317 Number of processors: 2 586 0xF0D
15:17:45.317 ComputerName: OWNER-PC UserName: Owner
15:18:02.915 Initialize success
15:19:07.246 AVAST engine defs: 12042600
15:19:32.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:19:32.627 Disk 0 Vendor: FUJITSU_ 0000 Size: 190782MB BusType: 3
15:19:32.627 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064
15:19:32.627 Disk 1 Vendor: ( Size: 190782MB BusType: 0
15:19:32.643 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000065
15:19:32.643 Disk 2 Vendor: ( Size: 190782MB BusType: 0
15:19:32.674 Disk 0 MBR read successfully
15:19:32.674 Disk 0 MBR scan
15:19:32.690 Disk 0 Windows VISTA default MBR code
15:19:32.705 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8101 MB offset 2048
15:19:32.737 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182679 MB offset 16592896
15:19:32.737 Disk 0 scanning sectors +390719920
15:19:32.846 Disk 0 scanning C:\Windows\system32\drivers
15:19:56.684 Service scanning
15:20:40.754 Modules scanning
15:20:54.045 Disk 0 trace - called modules:
15:20:54.076 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:20:54.092 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a2ac8]
15:20:54.092 3 CLASSPNP.SYS[885b08b3] -> nt!IofCallDriver -> [0x84ff2268]
15:20:54.107 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84ff6030]
15:20:55.340 AVAST engine scan C:\Windows
15:20:59.458 AVAST engine scan C:\Windows\system32
15:26:37.877 AVAST engine scan C:\Windows\system32\drivers
15:26:58.548 AVAST engine scan C:\Users\Owner
16:31:29.331 AVAST engine scan C:\ProgramData
16:42:02.741 Scan finished successfully
18:13:18.394 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:13:18.426 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-01 19:59:42
-----------------------------
19:59:42.398 OS Version: Windows 6.0.6002 Service Pack 2
19:59:42.399 Number of processors: 2 586 0xF0D
19:59:42.400 ComputerName: OWNER-PC UserName: Owner
19:59:43.979 Initialize success
20:00:42.593 AVAST engine defs: 12050101
20:00:53.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:00:53.966 Disk 0 Vendor: FUJITSU_ 0000 Size: 190782MB BusType: 3
20:00:53.970 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
20:00:53.974 Disk 1 Vendor: ( Size: 190782MB BusType: 0
20:00:53.978 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
20:00:53.982 Disk 2 Vendor: ( Size: 190782MB BusType: 0
20:00:54.020 Disk 0 MBR read successfully
20:00:54.024 Disk 0 MBR scan
20:00:54.099 Disk 0 Windows VISTA default MBR code
20:00:54.115 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8101 MB offset 2048
20:00:54.157 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182679 MB offset 16592896
20:00:54.196 Disk 0 scanning sectors +390719920
20:00:54.337 Disk 0 scanning C:\Windows\system32\drivers
20:01:14.794 Service scanning
20:01:58.082 Modules scanning
20:02:05.866 Disk 0 trace - called modules:
20:02:05.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:02:05.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a9780]
20:02:05.905 3 CLASSPNP.SYS[885b08b3] -> nt!IofCallDriver -> [0x84ffe1f0]
20:02:05.913 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85006030]
20:02:07.300 AVAST engine scan C:\Windows
20:02:16.968 AVAST engine scan C:\Windows\system32
20:08:07.030 AVAST engine scan C:\Windows\system32\drivers
20:08:30.747 AVAST engine scan C:\Users\Owner
20:38:21.814 File: C:\Users\Owner\AppData\Roaming\Nero\Nero\sqduxv.dll **INFECTED** Win32:Malware-gen
20:46:03.580 AVAST engine scan C:\ProgramData
20:51:24.894 Scan finished successfully
20:54:19.719 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:54:19.742 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 01 May 2012 - 11:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
C:\Users\Owner\AppData\Roaming\Nero\Nero\sqduxv.dll

FireFox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b0rth9k8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
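
The File:: entry in the script above is the one path the second aswMBR run flagged; the first run, with older definitions, reported nothing. As an added example (not part of the original post, and not ComboFix or aswMBR code), this Python sketch parses both logs and reports what changed between runs; the function names and the assumption that the MBR verdict line contains "MBR code" are illustrative choices.

```python
import re

# Abridged from the two aswMBR logs posted earlier in this thread.
SAMPLE = r"""aswMBR version 0.9.9.1665
Run date: 2012-04-26 15:17:45
15:19:07.246 AVAST engine defs: 12042600
15:19:32.690 Disk 0 Windows VISTA default MBR code
16:42:02.741 Scan finished successfully

aswMBR version 0.9.9.1665
Run date: 2012-05-01 19:59:42
20:00:42.593 AVAST engine defs: 12050101
20:00:54.099 Disk 0 Windows VISTA default MBR code
20:38:21.814 File: C:\Users\Owner\AppData\Roaming\Nero\Nero\sqduxv.dll **INFECTED** Win32:Malware-gen
20:51:24.894 Scan finished successfully
"""

RUN_DATE = re.compile(r"^Run date: (\S+ \S+)$")
ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
HIT = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
# Assumption: the MBR verdict line always contains "MBR code", as in these logs.
MBR = re.compile(r"^Disk (\d+) (.*MBR code.*)$")

def parse_runs(text):
    """Split a file holding several aswMBR logs into one record per run."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        if m := RUN_DATE.match(line):
            runs.append({"date": m[1], "defs": None, "mbr": {}, "hits": {}, "finished": False})
            continue
        m = ENTRY.match(line)
        if not (m and runs):
            continue
        msg, run = m[1], runs[-1]
        if msg.startswith("AVAST engine defs:"):
            run["defs"] = msg.split(":", 1)[1].strip()
        elif h := HIT.match(msg):
            run["hits"][h[1].lower()] = h[2]   # Windows paths are case-insensitive
        elif d := MBR.match(msg):
            run["mbr"][int(d[1])] = d[2]
        elif msg == "Scan finished successfully":
            run["finished"] = True
    return runs

def new_findings(prev, cur):
    """Detections and MBR verdicts in `cur` that `prev` did not report."""
    hits = {p: n for p, n in cur["hits"].items() if p not in prev["hits"]}
    mbr = {d: v for d, v in cur["mbr"].items() if prev["mbr"].get(d) != v}
    return hits, mbr

if __name__ == "__main__":
    first, second = parse_runs(SAMPLE)
    print(second["date"], "defs", second["defs"], new_findings(first, second))
```

Recording the definitions version with each run matters here: a detection that appears only after a definitions update does not by itself show that the file arrived between the two scans.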

#10 beth819

beth819
  • Topic Starter

  • Members
  • 175 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 01 May 2012 - 11:45 PM

Not sure if this matters, but I use both Internet Explorer and Firefox. I see in that notepad it says Firefox so I just wanted to let you know.

#11 gringo_pr

Posted 02 May 2012 - 12:06 AM

The problem I see is in Firefox, and that will fix that problem in Firefox.



gringo

#12 beth819

Posted 02 May 2012 - 12:20 AM

Hi Gringo,


I ran ComboFix and it said I had to disable AntiVir. I did that, and then it said there's a new version and asked if I wanted to update. I clicked yes, then it restarted, then an error message popped up saying ComboFix cannot be found. Should I try it again?

#13 gringo_pr

Posted 02 May 2012 - 12:34 AM

Yes, try again please.



gringo

#14 beth819

Posted 02 May 2012 - 12:55 AM

I ran ComboFix. It got to around stage_50, said system file is infected, file restored, then I got a blue screen of death and then my computer restarted.

#15 gringo_pr

Posted 02 May 2012 - 01:04 AM

OK, let's run aswMBR again for me.


gringo



