
Avast repeatedly says Malicious URL blocked



#1 Steve0512

Steve0512

  • Members
  • 8 posts

Posted 09 May 2012 - 01:01 PM

Hello. My daughter clicked on something nasty and now she gets multiple pop-ups from Avast Antivirus warning her that it blocked a malicious URL, type URL:MAL, at the location C:\WINDOWS\SYSTEM32\SVCHOST.EXE. Thank you in advance for any help you can offer us.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 12:15:07 on 2012-05-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2076 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{72616F6C-3EB8-412D-BFE6-BE2B5B5AC5C3} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{73A15681-C430-4D0F-888C-438AF3C4E99D} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-28 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-9 337880]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-9 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-9 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 44768]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-3-30 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-3-30 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-3-30 30976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-3-30 807424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-24 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-1 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-25 654408]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-1 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-25 22344]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2010-5-3 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2010-5-3 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2010-5-3 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-09 16:54:42 -------- d-----w- c:\program files\2BrightSparks
2012-05-09 15:41:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-09 15:33:56 -------- d-----w- c:\users\owner\appdata\local\temp
2012-05-09 15:20:35 -------- d-----w- C:\ComboFix
2012-05-04 22:31:03 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 22:11:48 484864 ----a-w- c:\windows\BiosPatch_BB.exe
2012-05-04 19:58:35 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-04 19:43:01 -------- d-----w- c:\programdata\IObit
2012-05-04 19:42:52 -------- d-----w- c:\users\owner\appdata\roaming\IObit
2012-05-04 19:42:43 -------- d-----w- c:\program files\IObit
2012-05-04 19:37:00 -------- d-----w- c:\users\owner\appdata\roaming\QuickScan
2012-05-04 17:22:55 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
2012-05-04 17:22:51 -------- d-----w- c:\program files\Auslogics
2012-05-03 22:15:50 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{606294cd-78ab-47f7-84cf-e886162aaedc}\mpengine.dll
2012-04-11 23:49:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-09 23:34:16 -------- d-----w- c:\users\owner\appdata\local\Mozilla
2012-04-09 23:07:13 -------- d-----w- c:\program files\vafoontoolbar
.
==================== Find3M ====================
.
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
============= FINISH: 12:16:48.92 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 May 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Steve0512

Steve0512
  • Topic Starter

  • Members
  • 8 posts

Posted 10 May 2012 - 02:29 PM

Thank you for your quick response. Below are the two items you asked for. I forgot to mention in my first post that Windows Update seems to be blocked from working.

*****************************************************************************************************************************************************
ComboFix 12-05-09.01 - Owner 05/09/12 10:23:58.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1735 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\864c74cd54264698ab08bec41f6ce392\filesys.dll
c:\users\Owner\AppData\Local\temp\864c74cd54264698ab08bec41f6ce392\http.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 15:33 . 2012-05-09 15:35 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-09 15:33 . 2012-05-09 15:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-09 15:33 . 2012-05-09 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 22:31 . 2012-05-04 22:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 22:11 . 2011-01-16 15:59 484864 ----a-w- c:\windows\BiosPatch_BB.exe
2012-05-04 19:58 . 2012-02-23 19:24 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-04 19:43 . 2012-05-04 19:43 -------- d-----w- c:\programdata\IObit
2012-05-04 19:42 . 2012-05-04 19:42 -------- d-----w- c:\users\Owner\AppData\Roaming\IObit
2012-05-04 19:42 . 2012-05-04 19:42 -------- d-----w- c:\program files\IObit
2012-05-04 19:37 . 2012-05-04 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\QuickScan
2012-05-04 17:22 . 2012-05-04 17:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2012-05-04 17:22 . 2012-05-04 17:22 -------- d-----w- c:\program files\Auslogics
2012-05-03 22:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{606294CD-78AB-47F7-84CF-E886162AAEDC}\mpengine.dll
2012-05-03 21:53 . 2012-05-03 21:53 -------- d-----w- c:\users\Owner\AppData\Roaming\InstallShield
2012-04-12 08:08 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 23:49 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 23:34 . 2012-04-09 23:34 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2012-04-09 23:07 . 2012-04-09 23:28 -------- d-----w- c:\program files\vafoontoolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2010-10-25 15:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2010-10-09 20:58 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-10-09 20:58 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-28 11:39 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-10-09 21:00 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-10-09 21:00 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-10-09 21:00 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-10-09 21:00 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-10-09 21:00 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2010-07-26 04:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-13 23:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 23:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 23:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-24 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-24 154392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 20:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
2007-01-31 04:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-03-06 22:22 36864 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2007-02-08 02:43 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1355865791-1433658893-2000815304-1005]
"EnableNotificationsRef"=dword:00000002
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-25 02:06]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 13:19]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-05-09 10:44:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 15:44
ComboFix2.txt 2010-10-25 20:16
.
Pre-Run: 358,211,557,376 bytes free
Post-Run: 358,154,262,528 bytes free
.
- - End Of File - - 79D57A1F3B6F5CD196DD2944C74E4154
*******************************************************************************************************************************************************
Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 27
Java version out of date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
windows defender MpCmdRun.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
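Reading the ComboFix output above, a small triage script like the following (an added example, not ComboFix's own code or anything posted in this thread) parses the "Reg Loading Points" section and flags the defense-weakening settings visible in that log: EnableLUA = 0, Security Center monitoring disabled, and a BootExecute value carrying more than the stock "autocheck autochk *". The sample text is a constructed excerpt modelled on the posted log; the registry key paths are the real Windows ones.

```python
import re

# Constructed sample: an excerpt modelled on the ComboFix "Reg Loading Points"
# section posted in this thread (same format, same key paths).
SAMPLE = """\
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"IgfxTray"="c:\\windows\\system32\\igfxtray.exe" [2007-03-24 138008]
"avast"="c:\\program files\\Alwil Software\\Avast5\\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
"""

# The only BootExecute entry a stock Windows install carries.
STOCK_BOOTEXECUTE = {"autocheck autochk *"}

_QUOTED = re.compile(r'"([^"]+)"\s*=\s*(.*)')          # "Name"=value
_MULTI = re.compile(r"(\S+)\s+REG_MULTI_SZ\s+(.*)")     # Name REG_MULTI_SZ v1\0v2


def parse_sections(text):
    """Return [(key, [(name, value), ...]), ...] for each [key] block."""
    sections, key, entries = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # ComboFix separator lines
            continue
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                sections.append((key, entries))
            key, entries = line[1:-1], []
            continue
        m = _QUOTED.match(line) or _MULTI.match(line)
        if m and key is not None:
            entries.append((m.group(1), m.group(2).strip()))
    if key is not None:
        sections.append((key, entries))
    return sections


def triage(text):
    """Flag defence-weakening settings; returns [(value_name, reason), ...]."""
    findings = []
    for key, entries in parse_sections(text):
        k = key.lower()
        for name, value in entries:
            n = name.lower()
            if k.endswith(r"policies\system") and n == "enablelua" \
                    and re.match(r"0\b", value):
                findings.append((name, "UAC is off (EnableLUA = 0): "
                                 "admin-level changes run without any prompt"))
            elif r"security center\monitoring" in k and n == "disablemonitoring" \
                    and value.lower() == "dword:00000001":
                findings.append((name, "Security Center monitoring disabled "
                                 f"under {key}: AV/firewall state alerts are muted"))
            elif k.endswith("session manager") and n == "bootexecute":
                # REG_MULTI_SZ entries are printed separated by a literal "\0".
                for item in value.split("\\0"):
                    item = item.strip()
                    if item and item not in STOCK_BOOTEXECUTE:
                        findings.append((name, f"non-stock BootExecute entry "
                                         f"'{item}': runs before logon, verify it "
                                         "belongs to an installed tool"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"[!] {name}: {reason}")
```

A non-stock BootExecute entry is not proof of malware (boot-time defragmenters register there too), so the script only asks that it be matched against an installed tool.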

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 May 2012 - 02:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Steve0512

Steve0512
  • Topic Starter

  • Members
  • 8 posts

Posted 12 May 2012 - 01:41 PM

Here are the two scans you asked for. After I ran TDSSKiller and allowed it to cure some file that it found, the computer is working much better now. I no longer get any malicious URL blocked pop-ups from Avast and Windows was able to update itself.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

10:20:30.0445 3780 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:20:30.0472 3780 ============================================================
10:20:30.0472 3780 Current date / time: 2012/05/12 10:20:30.0472
10:20:30.0472 3780 SystemInfo:
10:20:30.0472 3780
10:20:30.0473 3780 OS Version: 6.0.6002 ServicePack: 2.0
10:20:30.0473 3780 Product type: Workstation
10:20:30.0473 3780 ComputerName: LAURENSVAIO
10:20:30.0473 3780 UserName: Owner
10:20:30.0473 3780 Windows directory: C:\Windows
10:20:30.0473 3780 System windows directory: C:\Windows
10:20:30.0473 3780 Processor architecture: Intel x86
10:20:30.0473 3780 Number of processors: 2
10:20:30.0473 3780 Page size: 0x1000
10:20:30.0473 3780 Boot type: Normal boot
10:20:30.0473 3780 ============================================================
10:20:30.0914 3780 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:20:30.0919 3780 ============================================================
10:20:30.0919 3780 \Device\Harddisk0\DR0:
10:20:30.0920 3780 MBR partitions:
10:20:30.0920 3780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:20:30.0920 3780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
10:20:30.0920 3780 ============================================================
10:20:30.0988 3780 C: <-> \Device\Harddisk0\DR0\Partition1
10:20:31.0018 3780 F: <-> \Device\Harddisk0\DR0\Partition0
10:20:31.0018 3780 ============================================================
10:20:31.0018 3780 Initialize success
10:20:31.0018 3780 ============================================================
10:20:59.0014 1932 ============================================================
10:20:59.0014 1932 Scan started
10:20:59.0014 1932 Mode: Manual;
10:20:59.0014 1932 ============================================================
10:20:59.0467 1932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:20:59.0470 1932 ACPI - ok
10:20:59.0552 1932 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:20:59.0553 1932 AdobeARMservice - ok
10:20:59.0600 1932 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:20:59.0607 1932 adp94xx - ok
10:20:59.0639 1932 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:20:59.0644 1932 adpahci - ok
10:20:59.0668 1932 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:20:59.0669 1932 adpu160m - ok
10:20:59.0693 1932 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:20:59.0695 1932 adpu320 - ok
10:20:59.0757 1932 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:20:59.0758 1932 AeLookupSvc - ok
10:20:59.0834 1932 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:20:59.0839 1932 AFD - ok
10:20:59.0859 1932 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:20:59.0861 1932 agp440 - ok
10:20:59.0897 1932 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:20:59.0899 1932 aic78xx - ok
10:20:59.0952 1932 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:20:59.0954 1932 ALG - ok
10:20:59.0982 1932 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:20:59.0983 1932 aliide - ok
10:21:00.0003 1932 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:21:00.0005 1932 amdagp - ok
10:21:00.0019 1932 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:21:00.0020 1932 amdide - ok
10:21:00.0038 1932 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:21:00.0039 1932 AmdK7 - ok
10:21:00.0060 1932 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:21:00.0062 1932 AmdK8 - ok
10:21:00.0091 1932 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:21:00.0094 1932 ApfiltrService - ok
10:21:00.0131 1932 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:21:00.0132 1932 Appinfo - ok
10:21:00.0200 1932 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:21:00.0202 1932 arc - ok
10:21:00.0238 1932 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:21:00.0240 1932 arcsas - ok
10:21:00.0289 1932 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
10:21:00.0290 1932 aswFsBlk - ok
10:21:00.0333 1932 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
10:21:00.0334 1932 aswMonFlt - ok
10:21:00.0359 1932 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
10:21:00.0361 1932 aswRdr - ok
10:21:00.0439 1932 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
10:21:00.0512 1932 aswSnx - ok
10:21:00.0567 1932 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
10:21:00.0627 1932 aswSP - ok
10:21:00.0666 1932 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
10:21:00.0669 1932 aswTdi - ok
10:21:00.0723 1932 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:21:00.0724 1932 AsyncMac - ok
10:21:00.0767 1932 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:21:00.0768 1932 atapi - ok
10:21:00.0824 1932 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:21:00.0831 1932 AudioEndpointBuilder - ok
10:21:00.0842 1932 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:21:00.0851 1932 Audiosrv - ok
10:21:00.0942 1932 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:21:00.0944 1932 avast! Antivirus - ok
10:21:00.0969 1932 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:21:00.0970 1932 Beep - ok
10:21:01.0065 1932 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:21:01.0072 1932 BFE - ok
10:21:01.0224 1932 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
10:21:01.0246 1932 BITS - ok
10:21:01.0256 1932 blbdrive - ok
10:21:01.0297 1932 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:21:01.0299 1932 bowser - ok
10:21:01.0326 1932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:21:01.0327 1932 BrFiltLo - ok
10:21:01.0341 1932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:21:01.0342 1932 BrFiltUp - ok
10:21:01.0377 1932 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:21:01.0381 1932 Browser - ok
10:21:01.0411 1932 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:21:01.0413 1932 Brserid - ok
10:21:01.0434 1932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:21:01.0436 1932 BrSerWdm - ok
10:21:01.0461 1932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:21:01.0462 1932 BrUsbMdm - ok
10:21:01.0475 1932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:21:01.0479 1932 BrUsbSer - ok
10:21:01.0502 1932 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:21:01.0504 1932 BTHMODEM - ok
10:21:01.0585 1932 catchme - ok
10:21:01.0682 1932 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:21:01.0684 1932 cdfs - ok
10:21:01.0694 1932 Cdr4_xp - ok
10:21:01.0706 1932 Cdralw2k - ok
10:21:01.0743 1932 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:21:01.0745 1932 cdrom - ok
10:21:01.0777 1932 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:21:01.0780 1932 CertPropSvc - ok
10:21:01.0804 1932 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:21:01.0806 1932 circlass - ok
10:21:01.0858 1932 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:21:01.0863 1932 CLFS - ok
10:21:01.0934 1932 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:21:01.0936 1932 clr_optimization_v2.0.50727_32 - ok
10:21:02.0038 1932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:21:02.0040 1932 clr_optimization_v4.0.30319_32 - ok
10:21:02.0072 1932 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:21:02.0072 1932 CmBatt - ok
10:21:02.0091 1932 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:21:02.0092 1932 cmdide - ok
10:21:02.0114 1932 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:21:02.0114 1932 Compbatt - ok
10:21:02.0119 1932 COMSysApp - ok
10:21:02.0133 1932 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:21:02.0133 1932 crcdisk - ok
10:21:02.0157 1932 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:21:02.0158 1932 Crusoe - ok
10:21:02.0191 1932 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:21:02.0193 1932 CryptSvc - ok
10:21:02.0276 1932 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:21:02.0283 1932 DcomLaunch - ok
10:21:02.0320 1932 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:21:02.0321 1932 DfsC - ok
10:21:02.0512 1932 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:21:02.0527 1932 DFSR - ok
10:21:02.0759 1932 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:21:02.0762 1932 Dhcp - ok
10:21:02.0815 1932 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:21:02.0816 1932 disk - ok
10:21:02.0850 1932 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
10:21:02.0851 1932 DMICall - ok
10:21:02.0885 1932 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:21:02.0892 1932 Dnscache - ok
10:21:02.0955 1932 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:21:03.0002 1932 dot3svc - ok
10:21:03.0066 1932 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:21:03.0069 1932 DPS - ok
10:21:03.0105 1932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:21:03.0105 1932 drmkaud - ok
10:21:03.0188 1932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:21:03.0194 1932 DXGKrnl - ok
10:21:03.0238 1932 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:21:03.0240 1932 E1G60 - ok
10:21:03.0271 1932 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:21:03.0275 1932 EapHost - ok
10:21:03.0311 1932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:21:03.0325 1932 Ecache - ok
10:21:03.0449 1932 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:21:03.0452 1932 ehRecvr - ok
10:21:03.0529 1932 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:21:03.0531 1932 ehSched - ok
10:21:03.0579 1932 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:21:03.0580 1932 ehstart - ok
10:21:03.0630 1932 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:21:03.0636 1932 elxstor - ok
10:21:03.0712 1932 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:21:03.0717 1932 EMDMgmt - ok
10:21:03.0823 1932 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:21:03.0826 1932 EventSystem - ok
10:21:03.0902 1932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:21:03.0905 1932 exfat - ok
10:21:03.0953 1932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:21:03.0968 1932 fastfat - ok
10:21:04.0007 1932 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:21:04.0008 1932 fdc - ok
10:21:04.0061 1932 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:21:04.0062 1932 fdPHost - ok
10:21:04.0084 1932 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:21:04.0086 1932 FDResPub - ok
10:21:04.0128 1932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:21:04.0129 1932 FileInfo - ok
10:21:04.0161 1932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:21:04.0162 1932 Filetrace - ok
10:21:04.0183 1932 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:21:04.0184 1932 flpydisk - ok
10:21:04.0210 1932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:21:04.0212 1932 FltMgr - ok
10:21:04.0289 1932 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:21:04.0312 1932 FontCache - ok
10:21:04.0416 1932 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:21:04.0417 1932 FontCache3.0.0.0 - ok
10:21:04.0439 1932 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
10:21:04.0440 1932 Fs_Rec - ok
10:21:04.0476 1932 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:21:04.0478 1932 gagp30kx - ok
10:21:04.0557 1932 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:21:04.0565 1932 gpsvc - ok
10:21:04.0676 1932 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:04.0691 1932 gupdate - ok
10:21:04.0696 1932 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:04.0697 1932 gupdatem - ok
10:21:04.0731 1932 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:21:04.0746 1932 gusvc - ok
10:21:04.0776 1932 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:21:04.0780 1932 HdAudAddService - ok
10:21:04.0853 1932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:21:04.0857 1932 HDAudBus - ok
10:21:04.0879 1932 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:21:04.0880 1932 HidBth - ok
10:21:04.0899 1932 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:21:04.0900 1932 HidIr - ok
10:21:04.0957 1932 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:21:04.0960 1932 hidserv - ok
10:21:04.0995 1932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:21:04.0996 1932 HidUsb - ok
10:21:05.0067 1932 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:21:05.0070 1932 hkmsvc - ok
10:21:05.0083 1932 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:21:05.0084 1932 HpCISSs - ok
10:21:05.0104 1932 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:21:05.0108 1932 HSFHWAZL - ok
10:21:05.0214 1932 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
10:21:05.0221 1932 HSF_DPV - ok
10:21:05.0244 1932 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
10:21:05.0245 1932 HSXHWAZL - ok
10:21:05.0296 1932 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:21:05.0300 1932 HTTP - ok
10:21:05.0343 1932 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:21:05.0344 1932 i2omp - ok
10:21:05.0363 1932 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:21:05.0364 1932 i8042prt - ok
10:21:05.0402 1932 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
10:21:05.0405 1932 iaStor - ok
10:21:05.0438 1932 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:21:05.0442 1932 iaStorV - ok
10:21:05.0519 1932 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:21:05.0521 1932 IDriverT - ok
10:21:05.0675 1932 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:21:05.0692 1932 idsvc - ok
10:21:05.0953 1932 igfx (040bcb496d604a9859657088f400f0eb) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:21:05.0968 1932 igfx - ok
10:21:06.0096 1932 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:21:06.0097 1932 iirsp - ok
10:21:06.0152 1932 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:21:06.0157 1932 IKEEXT - ok
10:21:06.0180 1932 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
10:21:06.0181 1932 intelide - ok
10:21:06.0208 1932 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:21:06.0209 1932 intelppm - ok
10:21:06.0243 1932 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:21:06.0245 1932 IPBusEnum - ok
10:21:06.0294 1932 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:21:06.0295 1932 IpFilterDriver - ok
10:21:06.0347 1932 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:21:06.0351 1932 iphlpsvc - ok
10:21:06.0355 1932 IpInIp - ok
10:21:06.0375 1932 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:21:06.0376 1932 IPMIDRV - ok
10:21:06.0406 1932 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:21:06.0407 1932 IPNAT - ok
10:21:06.0441 1932 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:21:06.0442 1932 IRENUM - ok
10:21:06.0459 1932 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:21:06.0461 1932 isapnp - ok
10:21:06.0510 1932 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:21:06.0511 1932 iScsiPrt - ok
10:21:06.0531 1932 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:21:06.0532 1932 iteatapi - ok
10:21:06.0550 1932 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:21:06.0551 1932 iteraid - ok
10:21:06.0585 1932 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:21:06.0586 1932 kbdclass - ok
10:21:06.0603 1932 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:21:06.0604 1932 kbdhid - ok
10:21:06.0650 1932 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:21:06.0653 1932 KeyIso - ok
10:21:06.0691 1932 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:21:06.0696 1932 KSecDD - ok
10:21:06.0777 1932 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:21:06.0785 1932 KtmRm - ok
10:21:06.0839 1932 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:21:06.0846 1932 LanmanServer - ok
10:21:06.0882 1932 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:21:06.0891 1932 LanmanWorkstation - ok
10:21:06.0925 1932 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:21:06.0926 1932 lltdio - ok
10:21:06.0971 1932 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:21:06.0984 1932 lltdsvc - ok
10:21:07.0022 1932 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:21:07.0027 1932 lmhosts - ok
10:21:07.0067 1932 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:21:07.0069 1932 LSI_FC - ok
10:21:07.0091 1932 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:21:07.0094 1932 LSI_SAS - ok
10:21:07.0119 1932 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:21:07.0121 1932 LSI_SCSI - ok
10:21:07.0174 1932 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:21:07.0176 1932 luafv - ok
10:21:07.0254 1932 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:21:07.0256 1932 MBAMProtector - ok
10:21:07.0388 1932 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:21:07.0395 1932 MBAMService - ok
10:21:07.0442 1932 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:21:07.0447 1932 Mcx2Svc - ok
10:21:07.0500 1932 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:21:07.0501 1932 mdmxsdk - ok
10:21:07.0538 1932 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:21:07.0539 1932 megasas - ok
10:21:07.0572 1932 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:21:07.0579 1932 MMCSS - ok
10:21:07.0658 1932 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:21:07.0660 1932 Modem - ok
10:21:07.0715 1932 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:21:07.0717 1932 monitor - ok
10:21:07.0744 1932 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:21:07.0747 1932 mouclass - ok
10:21:07.0804 1932 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:21:07.0806 1932 mouhid - ok
10:21:07.0835 1932 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:21:07.0837 1932 MountMgr - ok
10:21:07.0880 1932 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:21:07.0883 1932 mpio - ok
10:21:07.0942 1932 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:21:07.0950 1932 mpsdrv - ok
10:21:08.0018 1932 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:21:08.0032 1932 MpsSvc - ok
10:21:08.0065 1932 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:21:08.0068 1932 Mraid35x - ok
10:21:08.0125 1932 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:21:08.0128 1932 MRxDAV - ok
10:21:08.0153 1932 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:21:08.0156 1932 mrxsmb - ok
10:21:08.0210 1932 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:21:08.0214 1932 mrxsmb10 - ok
10:21:08.0230 1932 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:21:08.0233 1932 mrxsmb20 - ok
10:21:08.0254 1932 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:21:08.0256 1932 msahci - ok
10:21:08.0340 1932 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
10:21:08.0342 1932 MSCSPTISRV - ok
10:21:08.0365 1932 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:21:08.0368 1932 msdsm - ok
10:21:08.0414 1932 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:21:08.0422 1932 MSDTC - ok
10:21:08.0470 1932 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:21:08.0472 1932 Msfs - ok
10:21:08.0498 1932 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:21:08.0499 1932 msisadrv - ok
10:21:08.0559 1932 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:21:08.0574 1932 MSiSCSI - ok
10:21:08.0578 1932 msiserver - ok
10:21:08.0630 1932 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:21:08.0631 1932 MSKSSRV - ok
10:21:08.0675 1932 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:21:08.0676 1932 MSPCLOCK - ok
10:21:08.0720 1932 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:21:08.0721 1932 MSPQM - ok
10:21:08.0760 1932 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:21:08.0774 1932 MsRPC - ok
10:21:08.0805 1932 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:21:08.0806 1932 mssmbios - ok
10:21:08.0845 1932 MSSQL$VAIO_VEDB - ok
10:21:08.0895 1932 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:21:08.0896 1932 MSSQLServerADHelper - ok
10:21:08.0935 1932 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:21:08.0936 1932 MSTEE - ok
10:21:08.0973 1932 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:21:08.0974 1932 Mup - ok
10:21:09.0050 1932 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:21:09.0056 1932 napagent - ok
10:21:09.0092 1932 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:21:09.0093 1932 NativeWifiP - ok
10:21:09.0135 1932 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:21:09.0139 1932 NDIS - ok
10:21:09.0170 1932 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:21:09.0171 1932 NdisTapi - ok
10:21:09.0194 1932 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:21:09.0195 1932 Ndisuio - ok
10:21:09.0251 1932 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:21:09.0254 1932 NdisWan - ok
10:21:09.0300 1932 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:21:09.0302 1932 NDProxy - ok
10:21:09.0363 1932 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:21:09.0364 1932 NetBIOS - ok
10:21:09.0393 1932 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:21:09.0396 1932 netbt - ok
10:21:09.0430 1932 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:21:09.0435 1932 Netlogon - ok
10:21:09.0491 1932 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:21:09.0498 1932 Netman - ok
10:21:09.0541 1932 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:21:09.0549 1932 netprofm - ok
10:21:09.0645 1932 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:21:09.0650 1932 NetTcpPortSharing - ok
10:21:09.0844 1932 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
10:21:09.0879 1932 NETw4v32 - ok
10:21:10.0029 1932 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:21:10.0032 1932 nfrd960 - ok
10:21:10.0071 1932 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:21:10.0095 1932 NlaSvc - ok
10:21:10.0125 1932 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:21:10.0128 1932 Npfs - ok
10:21:10.0156 1932 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:21:10.0165 1932 nsi - ok
10:21:10.0191 1932 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:21:10.0192 1932 nsiproxy - ok
10:21:10.0300 1932 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:21:10.0334 1932 Ntfs - ok
10:21:10.0370 1932 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:21:10.0371 1932 ntrigdigi - ok
10:21:10.0412 1932 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:21:10.0413 1932 Null - ok
10:21:10.0434 1932 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:21:10.0436 1932 nvraid - ok
10:21:10.0452 1932 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:21:10.0453 1932 nvstor - ok
10:21:10.0475 1932 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:21:10.0478 1932 nv_agp - ok
10:21:10.0482 1932 NwlnkFlt - ok
10:21:10.0488 1932 NwlnkFwd - ok
10:21:10.0524 1932 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:21:10.0525 1932 ohci1394 - ok
10:21:10.0630 1932 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:21:10.0689 1932 p2pimsvc - ok
10:21:10.0698 1932 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:21:10.0706 1932 p2psvc - ok
10:21:10.0781 1932 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
10:21:10.0782 1932 PACSPTISVR - ok
10:21:10.0825 1932 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:21:10.0827 1932 Parport - ok
10:21:10.0856 1932 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:21:10.0858 1932 partmgr - ok
10:21:10.0875 1932 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:21:10.0876 1932 Parvdm - ok
10:21:10.0925 1932 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:21:10.0931 1932 PcaSvc - ok
10:21:10.0959 1932 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:21:10.0961 1932 pci - ok
10:21:10.0986 1932 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
10:21:10.0987 1932 pciide - ok
10:21:11.0026 1932 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
10:21:11.0028 1932 pcmcia - ok
10:21:11.0103 1932 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:21:11.0113 1932 PEAUTH - ok
10:21:11.0273 1932 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:21:11.0319 1932 pla - ok
10:21:11.0510 1932 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:21:11.0524 1932 PlugPlay - ok
10:21:11.0621 1932 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:21:11.0638 1932 PNRPAutoReg - ok
10:21:11.0656 1932 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:21:11.0668 1932 PNRPsvc - ok
10:21:11.0748 1932 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:21:11.0763 1932 PolicyAgent - ok
10:21:11.0805 1932 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:21:11.0806 1932 PptpMiniport - ok
10:21:11.0837 1932 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:21:11.0839 1932 Processor - ok
10:21:11.0885 1932 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:21:11.0890 1932 ProfSvc - ok
10:21:11.0961 1932 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:21:11.0964 1932 ProtectedStorage - ok
10:21:11.0990 1932 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:21:11.0991 1932 PSched - ok
10:21:12.0017 1932 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
10:21:12.0018 1932 PxHelp20 - ok
10:21:12.0100 1932 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:21:12.0107 1932 ql2300 - ok
10:21:12.0141 1932 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:21:12.0143 1932 ql40xx - ok
10:21:12.0210 1932 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:21:12.0231 1932 QWAVE - ok
10:21:12.0285 1932 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:21:12.0286 1932 QWAVEdrv - ok
10:21:12.0324 1932 R5U870FLx86 (c7978ab193c145bc82625a5516c5224b) C:\Windows\system32\Drivers\R5U870FLx86.sys
10:21:12.0325 1932 R5U870FLx86 - ok
10:21:12.0364 1932 R5U870FUx86 (0caf10cfa5a3dbf334aba05058407291) C:\Windows\system32\Drivers\R5U870FUx86.sys
10:21:12.0366 1932 R5U870FUx86 - ok
10:21:12.0384 1932 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:21:12.0386 1932 RasAcd - ok
10:21:12.0439 1932 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:21:12.0468 1932 RasAuto - ok
10:21:12.0524 1932 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:12.0526 1932 Rasl2tp - ok
10:21:12.0587 1932 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:21:12.0595 1932 RasMan - ok
10:21:12.0661 1932 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:12.0663 1932 RasPppoe - ok
10:21:12.0711 1932 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:21:12.0712 1932 RasSstp - ok
10:21:12.0738 1932 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:21:12.0743 1932 rdbss - ok
10:21:12.0780 1932 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:12.0781 1932 RDPCDD - ok
10:21:12.0835 1932 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:21:12.0841 1932 rdpdr - ok
10:21:12.0855 1932 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:21:12.0857 1932 RDPENCDD - ok
10:21:12.0909 1932 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:21:12.0913 1932 RDPWD - ok
10:21:12.0966 1932 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:21:12.0971 1932 RemoteAccess - ok
10:21:13.0045 1932 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:21:13.0053 1932 RemoteRegistry - ok
10:21:13.0082 1932 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:21:13.0087 1932 RpcLocator - ok
10:21:13.0166 1932 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:21:13.0177 1932 RpcSs - ok
10:21:13.0212 1932 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:21:13.0214 1932 rspndr - ok
10:21:13.0234 1932 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:21:13.0240 1932 SamSs - ok
10:21:13.0284 1932 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:21:13.0285 1932 sbp2port - ok
10:21:13.0311 1932 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:21:13.0316 1932 SCardSvr - ok
10:21:13.0390 1932 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
10:21:13.0398 1932 Schedule - ok
10:21:13.0442 1932 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:21:13.0443 1932 SCPolicySvc - ok
10:21:13.0510 1932 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:21:13.0515 1932 SDRSVC - ok
10:21:13.0530 1932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:21:13.0531 1932 secdrv - ok
10:21:13.0606 1932 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:21:13.0611 1932 seclogon - ok
10:21:13.0625 1932 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:21:13.0629 1932 SENS - ok
10:21:13.0649 1932 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:21:13.0650 1932 Serenum - ok
10:21:13.0670 1932 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:21:13.0672 1932 Serial - ok
10:21:13.0716 1932 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:21:13.0717 1932 sermouse - ok
10:21:13.0782 1932 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:21:13.0787 1932 SessionEnv - ok
10:21:13.0811 1932 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:21:13.0812 1932 sffdisk - ok
10:21:13.0827 1932 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:21:13.0828 1932 sffp_mmc - ok
10:21:13.0844 1932 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:21:13.0845 1932 sffp_sd - ok
10:21:13.0858 1932 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:21:13.0860 1932 sfloppy - ok
10:21:13.0950 1932 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:21:13.0956 1932 SharedAccess - ok
10:21:14.0004 1932 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:21:14.0014 1932 ShellHWDetection - ok
10:21:14.0029 1932 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:21:14.0030 1932 sisagp - ok
10:21:14.0049 1932 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:21:14.0050 1932 SiSRaid2 - ok
10:21:14.0083 1932 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:21:14.0086 1932 SiSRaid4 - ok
10:21:14.0367 1932 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:21:14.0467 1932 slsvc - ok
10:21:14.0630 1932 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:21:14.0649 1932 SLUINotify - ok
10:21:14.0729 1932 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:21:14.0731 1932 Smb - ok
10:21:14.0754 1932 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
10:21:14.0755 1932 SNC - ok
10:21:14.0770 1932 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:21:14.0777 1932 SNMPTRAP - ok
10:21:14.0836 1932 SonyImgF (bcda64bc74578cf82544538b4be646bf) C:\Windows\system32\DRIVERS\SonyImgF.sys
10:21:14.0838 1932 SonyImgF - ok
10:21:14.0850 1932 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:21:14.0852 1932 spldr - ok
10:21:14.0912 1932 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:21:14.0918 1932 Spooler - ok
10:21:14.0999 1932 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
10:21:15.0001 1932 SPTISRV - ok
10:21:15.0081 1932 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:21:15.0084 1932 SQLBrowser - ok
10:21:15.0121 1932 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:21:15.0122 1932 SQLWriter - ok
10:21:15.0194 1932 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:21:15.0197 1932 srv - ok
10:21:15.0231 1932 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:21:15.0247 1932 srv2 - ok
10:21:15.0331 1932 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:21:15.0333 1932 srvnet - ok
10:21:15.0369 1932 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:21:15.0375 1932 SSDPSRV - ok
10:21:15.0429 1932 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:21:15.0457 1932 SstpSvc - ok
10:21:15.0520 1932 STHDA (ea6204726ac084fece5086db72a12fdb) C:\Windows\system32\drivers\stwrt.sys
10:21:15.0523 1932 STHDA - ok
10:21:15.0593 1932 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:21:15.0603 1932 stisvc - ok
10:21:15.0663 1932 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:21:15.0664 1932 swenum - ok
10:21:15.0704 1932 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:21:15.0711 1932 swprv - ok
10:21:15.0755 1932 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:21:15.0757 1932 Symc8xx - ok
10:21:15.0775 1932 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:21:15.0777 1932 Sym_hi - ok
10:21:15.0799 1932 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:21:15.0801 1932 Sym_u3 - ok
10:21:15.0876 1932 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:21:15.0884 1932 SysMain - ok
10:21:15.0916 1932 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:21:15.0922 1932 TabletInputService - ok
10:21:15.0978 1932 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:21:15.0984 1932 TapiSrv - ok
10:21:16.0019 1932 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:21:16.0025 1932 TBS - ok
10:21:16.0129 1932 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:21:16.0150 1932 Tcpip - ok
10:21:16.0163 1932 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:21:16.0171 1932 Tcpip6 - ok
10:21:16.0220 1932 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:21:16.0221 1932 tcpipreg - ok
10:21:16.0264 1932 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:21:16.0265 1932 TDPIPE - ok
10:21:16.0283 1932 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:21:16.0285 1932 TDTCP - ok
10:21:16.0336 1932 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:21:16.0338 1932 tdx - ok
10:21:16.0354 1932 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:21:16.0356 1932 TermDD - ok
10:21:16.0429 1932 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:21:16.0437 1932 TermService - ok
10:21:16.0492 1932 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:21:16.0498 1932 Themes - ok
10:21:16.0526 1932 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:21:16.0529 1932 THREADORDER - ok
10:21:16.0614 1932 ti21sony (dcd46a3fc856167fd985507492ae610a) C:\Windows\system32\drivers\ti21sony.sys
10:21:16.0622 1932 ti21sony - ok
10:21:16.0694 1932 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:21:16.0702 1932 TrkWks - ok
10:21:16.0780 1932 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:21:16.0781 1932 TrustedInstaller - ok
10:21:16.0813 1932 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:16.0815 1932 tssecsrv - ok
10:21:16.0849 1932 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:21:16.0851 1932 tunmp - ok
10:21:16.0863 1932 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:21:16.0864 1932 tunnel - ok
10:21:16.0906 1932 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:21:16.0908 1932 uagp35 - ok
10:21:16.0964 1932 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:21:16.0969 1932 udfs - ok
10:21:17.0034 1932 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:21:17.0041 1932 UI0Detect - ok
10:21:17.0061 1932 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:21:17.0064 1932 uliagpkx - ok
10:21:17.0109 1932 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:21:17.0114 1932 uliahci - ok
10:21:17.0150 1932 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:21:17.0153 1932 UlSata - ok
10:21:17.0175 1932 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:21:17.0178 1932 ulsata2 - ok
10:21:17.0214 1932 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:21:17.0217 1932 umbus - ok
10:21:17.0261 1932 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:21:17.0269 1932 upnphost - ok
10:21:17.0309 1932 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:17.0310 1932 usbccgp - ok
10:21:17.0326 1932 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:21:17.0328 1932 usbcir - ok
10:21:17.0368 1932 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:21:17.0369 1932 usbehci - ok
10:21:17.0415 1932 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:21:17.0417 1932 usbhub - ok
10:21:17.0445 1932 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:21:17.0446 1932 usbohci - ok
10:21:17.0460 1932 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
10:21:17.0461 1932 usbprint - ok
10:21:17.0484 1932 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:21:17.0485 1932 USBSTOR - ok
10:21:17.0527 1932 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:21:17.0529 1932 usbuhci - ok
10:21:17.0617 1932 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:21:17.0618 1932 usbvideo - ok
10:21:17.0681 1932 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:21:17.0686 1932 UxSms - ok
10:21:17.0780 1932 VAIO Entertainment TV Device Arbitration Service (4e9c6bf8d0655bb7538088dc6f2306d9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
10:21:17.0782 1932 VAIO Entertainment TV Device Arbitration Service - ok
10:21:17.0842 1932 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
10:21:17.0845 1932 VAIO Event Service - ok
10:21:18.0096 1932 VAIOMediaPlatform-IntegratedServer-AppServer (88dc6b884824a578b0e1e9c3790c105b) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
10:21:18.0161 1932 VAIOMediaPlatform-IntegratedServer-AppServer - ok
10:21:18.0259 1932 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
10:21:18.0284 1932 VAIOMediaPlatform-IntegratedServer-HTTP - ok
10:21:18.0382 1932 VAIOMediaPlatform-IntegratedServer-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
10:21:18.0390 1932 VAIOMediaPlatform-IntegratedServer-UPnP - ok
10:21:18.0483 1932 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
10:21:18.0489 1932 VAIOMediaPlatform-UCLS-AppServer - ok
10:21:18.0547 1932 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
10:21:18.0550 1932 VAIOMediaPlatform-UCLS-HTTP - ok
10:21:18.0694 1932 VAIOMediaPlatform-UCLS-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
10:21:18.0701 1932 VAIOMediaPlatform-UCLS-UPnP - ok
10:21:18.0743 1932 Vcsw - ok
10:21:18.0921 1932 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:21:18.0948 1932 vds - ok
10:21:19.0010 1932 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:19.0012 1932 vga - ok
10:21:19.0031 1932 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:21:19.0033 1932 VgaSave - ok
10:21:19.0056 1932 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:21:19.0059 1932 viaagp - ok
10:21:19.0081 1932 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:21:19.0084 1932 ViaC7 - ok
10:21:19.0118 1932 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
10:21:19.0120 1932 viaide - ok
10:21:19.0144 1932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:21:19.0147 1932 volmgr - ok
10:21:19.0184 1932 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:21:19.0188 1932 volmgrx - ok
10:21:19.0209 1932 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:21:19.0212 1932 volsnap - ok
10:21:19.0239 1932 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:21:19.0256 1932 vsmraid - ok
10:21:19.0392 1932 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:21:19.0410 1932 VSS - ok
10:21:19.0491 1932 VzCdbSvc (5feb20d9ed9a2bd4f234222b0a3bb855) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
10:21:19.0492 1932 VzCdbSvc - ok
10:21:19.0514 1932 VzFw (3757dfd3c07896ef660d4060366e7b4e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
10:21:19.0515 1932 VzFw - ok
10:21:19.0687 1932 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:21:19.0739 1932 W32Time - ok
10:21:19.0801 1932 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:21:19.0802 1932 WacomPen - ok
10:21:19.0866 1932 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:21:19.0867 1932 Wanarp - ok
10:21:19.0872 1932 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:21:19.0873 1932 Wanarpv6 - ok
10:21:19.0921 1932 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:21:19.0929 1932 wcncsvc - ok
10:21:19.0964 1932 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:21:19.0969 1932 WcsPlugInService - ok
10:21:19.0992 1932 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:21:19.0994 1932 Wd - ok
10:21:20.0056 1932 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:21:20.0081 1932 Wdf01000 - ok
10:21:20.0112 1932 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:21:20.0117 1932 WdiServiceHost - ok
10:21:20.0121 1932 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:21:20.0127 1932 WdiSystemHost - ok
10:21:20.0186 1932 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:21:20.0196 1932 WebClient - ok
10:21:20.0232 1932 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:21:20.0241 1932 Wecsvc - ok
10:21:20.0280 1932 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:21:20.0288 1932 wercplsupport - ok
10:21:20.0322 1932 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:21:20.0338 1932 WerSvc - ok
10:21:20.0367 1932 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys
10:21:20.0370 1932 WimFltr - ok
10:21:20.0436 1932 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:21:20.0443 1932 winachsf - ok
10:21:20.0536 1932 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:21:20.0589 1932 WinDefend - ok
10:21:20.0598 1932 WinHttpAutoProxySvc - ok
10:21:20.0701 1932 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:21:20.0715 1932 Winmgmt - ok
10:21:20.0826 1932 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:21:20.0877 1932 WinRM - ok
10:21:20.0980 1932 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:21:20.0999 1932 Wlansvc - ok
10:21:21.0077 1932 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:21:21.0081 1932 WmiAcpi - ok
10:21:21.0159 1932 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:21:21.0162 1932 wmiApSrv - ok
10:21:21.0327 1932 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:21:21.0340 1932 WMPNetworkSvc - ok
10:21:21.0384 1932 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:21:21.0399 1932 WPCSvc - ok
10:21:21.0436 1932 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:21:21.0454 1932 WPDBusEnum - ok
10:21:21.0648 1932 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:21:21.0662 1932 WPFFontCache_v0400 - ok
10:21:21.0759 1932 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:21:21.0762 1932 ws2ifsl - ok
10:21:21.0839 1932 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
10:21:21.0853 1932 wscsvc - ok
10:21:21.0864 1932 WSearch - ok
10:21:22.0081 1932 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:21:22.0143 1932 wuauserv - ok
10:21:22.0318 1932 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:22.0321 1932 WUDFRd - ok
10:21:22.0380 1932 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:21:22.0399 1932 wudfsvc - ok
10:21:22.0427 1932 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
10:21:22.0429 1932 XAudio - ok
10:21:22.0480 1932 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
10:21:22.0487 1932 XAudioService - ok
10:21:22.0533 1932 yukonwlh (1b1984a421e69c1b7bf62be4655823d4) C:\Windows\system32\DRIVERS\yk60x86.sys
10:21:22.0538 1932 yukonwlh - ok
10:21:22.0588 1932 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
10:21:22.0634 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:21:22.0634 1932 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:21:22.0678 1932 Boot (0x1200) (51d632d694e81e66370300df441707da) \Device\Harddisk0\DR0\Partition0
10:21:22.0681 1932 \Device\Harddisk0\DR0\Partition0 - ok
10:21:22.0699 1932 Boot (0x1200) (7473eebb00ae3347cf25df4542fa4dff) \Device\Harddisk0\DR0\Partition1
10:21:22.0702 1932 \Device\Harddisk0\DR0\Partition1 - ok
10:21:22.0702 1932 ============================================================
10:21:22.0703 1932 Scan finished
10:21:22.0703 1932 ============================================================
10:21:22.0728 1536 Detected object count: 1
10:21:22.0728 1536 Actual detected object count: 1
10:21:45.0035 1536 \Device\Harddisk0\DR0\# - copied to quarantine
10:21:45.0035 1536 \Device\Harddisk0\DR0 - copied to quarantine
10:21:45.0071 1536 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:21:45.0083 1536 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:21:45.0086 1536 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:21:45.0092 1536 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:21:45.0099 1536 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:21:45.0115 1536 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:21:45.0125 1536 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:21:45.0127 1536 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:21:45.0130 1536 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:21:45.0132 1536 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:21:45.0136 1536 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:21:45.0140 1536 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:21:45.0177 1536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:21:45.0178 1536 \Device\Harddisk0\DR0 - ok
10:21:45.0282 1536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:21:57.0609 3432 Deinitialize success
***************************************************************************************************************


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 12:57:16
-----------------------------
12:57:16.850 OS Version: Windows 6.0.6002 Service Pack 2
12:57:16.851 Number of processors: 2 586 0xF0D
12:57:16.854 ComputerName: LAURENSVAIO UserName: Owner
12:57:21.938 Initialize success
12:57:27.213 AVAST engine defs: 12051200
12:57:33.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:57:33.631 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
12:57:33.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005d
12:57:33.648 Disk 1 Vendor: ( Size: 476940MB BusType: 0
12:57:33.658 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005e
12:57:33.667 Disk 2 Vendor: ( Size: 476940MB BusType: 0
12:57:33.966 Disk 0 MBR read successfully
12:57:33.977 Disk 0 MBR scan
12:57:33.989 Disk 0 Windows 7 default MBR code
12:57:34.301 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
12:57:34.411 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:57:34.601 Disk 0 scanning sectors +976771072
12:57:34.846 Disk 0 scanning C:\Windows\system32\drivers
12:57:57.871 Service scanning
12:58:24.716 Modules scanning
12:58:33.938 Disk 0 trace - called modules:
12:58:33.947
12:58:36.898 AVAST engine scan C:\Windows
12:58:43.576 AVAST engine scan C:\Windows\system32
13:03:22.210 AVAST engine scan C:\Windows\system32\drivers
13:04:18.180 AVAST engine scan C:\Users\Owner
13:13:47.255 Disk 0 MBR has been saved successfully to "I:\Bleeping Computer\MBR.dat"
13:13:47.286 The log file has been saved successfully to "I:\Bleeping Computer\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:57 PM

Posted 12 May 2012 - 05:52 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:57 PM

Posted 15 May 2012 - 05:03 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#8 Steve0512

Steve0512
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 16 May 2012 - 11:59 AM

Sorry for the delay. The computer seems to be working great! I had no problems running the last scan. Here are the results.

Thanks again.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-05-16.02 - Owner 05/16/12 11:34:20.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1744 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\8e47541adb5f46afac84711f50d7886a\filesys.dll
c:\users\Owner\AppData\Local\temp\8e47541adb5f46afac84711f50d7886a\http.dll
c:\users\Owner\AppData\Roaming\completescan
c:\users\Owner\AppData\Roaming\install
c:\windows\config.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\CF22757.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 16:44 . 2012-05-16 16:46 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 19:11 . 2012-05-12 19:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 18:47 . 2012-05-12 18:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-12 18:46 . 2012-05-12 18:46 -------- d-----w- c:\program files\Oracle
2012-05-12 18:45 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-12 15:40 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAEB8C05-001A-4BD4-ABC5-855C60C1AD81}\mpengine.dll
2012-05-12 15:32 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 15:32 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 15:32 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 15:32 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-12 15:32 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-12 15:32 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-12 15:32 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-12 15:32 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-12 15:32 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 15:32 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 15:32 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 15:32 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 15:21 . 2012-05-12 15:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-04 22:31 . 2012-05-04 22:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 22:11 . 2011-01-16 15:59 484864 ----a-w- c:\windows\BiosPatch_BB.exe
2012-05-04 19:58 . 2012-02-23 19:24 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-04 19:43 . 2012-05-04 19:43 -------- d-----w- c:\programdata\IObit
2012-05-04 19:42 . 2012-05-12 19:04 -------- d-----w- c:\users\Owner\AppData\Roaming\IObit
2012-05-04 19:42 . 2012-05-04 19:42 -------- d-----w- c:\program files\IObit
2012-05-04 19:37 . 2012-05-04 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\QuickScan
2012-05-04 17:22 . 2012-05-04 17:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2012-05-04 17:22 . 2012-05-04 17:22 -------- d-----w- c:\program files\Auslogics
2012-05-03 21:53 . 2012-05-03 21:53 -------- d-----w- c:\users\Owner\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 19:11 . 2011-06-17 14:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2010-10-09 20:58 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-10-09 20:58 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-28 11:39 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-10-09 21:00 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-10-09 21:00 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-10-09 21:00 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-10-09 21:00 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-10-09 21:00 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 15:11 . 2012-04-12 08:08 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 08:08 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 08:08 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 08:08 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 08:08 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 08:08 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 08:08 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 08:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18 . 2010-07-26 04:27 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-24 03:05 154392 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-24 03:06 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
2007-01-31 04:59 371712 ----a-w- c:\program files\Intuit\SimpleStartEntice\entice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-03-06 22:22 36864 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2007-02-08 02:43 411768 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2007-03-14 00:13 2322432 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1355865791-1433658893-2000815304-1005]
"EnableNotificationsRef"=dword:00000002
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:11]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 13:19]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-05-16 11:56:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 16:56
ComboFix2.txt 2012-05-09 15:44
ComboFix3.txt 2010-10-25 20:16
.
Pre-Run: 361,734,242,304 bytes free
Post-Run: 361,584,650,240 bytes free
.
- - End Of File - - 4479B7BD9477F4D6ED02F81BE34A40D9

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 01:01 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 27


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Win 7, right-click and Run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Steve0512

Steve0512
  • Topic Starter

  • Members
  • 8 posts

Posted 18 May 2012 - 11:15 AM

Here is the log from MBAM. It did not find anything. I could not install HiJackThis; I was getting an error of "The feature you are trying to use is on a network resource that is unavailable". I even tried redownloading the program from CNET and it did the same thing.

Otherwise, the computer seems to be working well.
Thanks again!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: LAURENSVAIO [administrator]

Protection: Disabled

05/18/12 10:44:52 AM
mbam-log-2012-05-18 (10-44-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191845
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 04:05 PM

Try restarting the computer and doing it once more, please.


gringo

#12 Steve0512

Steve0512
  • Topic Starter

  • Members
  • 8 posts

Posted 20 May 2012 - 09:00 PM

Work is a little busy right now, I will do so in a day or two.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 May 2012 - 09:08 PM

Thanks for letting me know, and I will check on you in a couple of days.



gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 May 2012 - 06:12 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 May 2012 - 12:26 AM

Hello

48-hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, then it will have to be closed!

Gringo