Vista home 64 consrv.dll bring a sony vista to life again


  • This topic is locked
20 replies to this topic

#1 mojomike

Posted 27 May 2012 - 09:27 AM

Morning all,
I never thought I would have to post to this forum since everything is rather well written on a consistent basis, so let's hope my future solution will help out as other solutions have helped me.

Here is my problem:
I ran PC Tools Spyware Doctor and let it act in auto repair ... big mistake (yes, I know LOL, but I'm not perfect).

The platform is a Sony VAIO running Vista 64 Home.
Currently it will not successfully do a start-up repair.
It will not successfully do a system restore.

When I try to boot in safe mode I get the following error:
"STOP: c0000135 {Unable To Locate Component} consrv not found"

How's that for a nightmare LOL

So, following some standard ideas that have helped me in the past (you guys do go to great lengths to explain solutions),

here is my FRST64 log file:

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 27-05-2012 10:13:36
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI [1589208 2010-12-01] (PC Tools)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-21] (Google Inc.)
HKU\Owner\...\Run: [EPSON610C23] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKA.EXE /FU "C:\Windows\TEMP\E_SD7FA.tmp" /EF "HKCU" [221696 2008-03-04] (SEIKO EPSON CORPORATION)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-21] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 75.75.75.75
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()

==================== Services (Whitelisted) ======

2 B4-Service; C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2CZZHE4\B4-Service.exe [1007472 2012-05-17] ()
3 CASprint; "C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [124184 2008-07-07] (PCTEL)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 mgisvr; C:\Windows\System32\nmwcd.dll [6656 2008-01-20] (Oak Technology Inc.)
4 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [53248 2008-05-20] (Sony Corporation)
2 MSSQL$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe" -sACT7 [61913952 2010-05-05] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [59744 2010-05-05] (Microsoft Corporation)
4 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [53248 2008-05-20] (Sony Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [185632 2008-02-08] (Protexis Inc.)
4 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [20480 2007-11-12] (Intuit)
4 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2007-05-24] (Intuit Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
2 Sage ACT! Scheduler; "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe" [81920 2010-11-10] (Sage Software, Inc.)
3 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2009-09-16] (Intel Corporation)
2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
4 SOHCImp; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-05-20] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-05-20] (Sony Corporation)
4 SOHDs; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-05-20] (Sony Corporation)
3 SprintRcAppSvc; "C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [111896 2008-07-07] (PCTEL)
4 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
4 SQLAgent$ACT7; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE" -i ACT7 [428384 2010-05-05] (Microsoft Corporation)
2 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [267616 2010-04-03] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [146272 2010-04-03] (Microsoft Corporation)
3 ThreatFire; C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [70928 2010-12-02] (PC Tools)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
4 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-05-22] (Sony Corporation)
4 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-28] (Sony Corporation)
4 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [407392 2008-08-06] (Sony Corporation)
4 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [415744 2008-06-20] (Sony Corporation)
4 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [337184 2008-06-11] (Sony Corporation)
4 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [107808 2008-06-11] (Sony Corporation)
4 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-06-19] (Sony Corporation)
4 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-05-22] (Sony Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
1 DMICall; C:\Windows\SysWow64\Drivers\DMICall.sys [10216 2008-07-11] (Sony Corporation)
3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [286720 2008-01-20] (Conexant Systems, Inc.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [126976 2008-08-08] (Intel® Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [247808 2008-10-15] (Novatel Wireless Inc)
3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [331368 2010-11-17] (PC Tools)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2008-07-07] (PCTEL Inc.)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2010-11-25] (PC Tools)
3 rimsptsk; C:\Windows\System32\DRIVERS\rimssn64.sys [85504 2008-06-25] (REDC)
2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [64512 2008-07-17] (REDC)
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [176928 2008-08-01] (Realtek Semiconductor Corp.)
3 swmsflt; C:\Windows\System32\Drivers\swmsflt.sys [31880 2009-03-06] ()
3 swmsflt; C:\Windows\SysWow64\Drivers\swmsflt.sys [31880 2009-03-06] ()
3 SWNC5E00; C:\Windows\System32\Drivers\SWNC5E00.sys [202248 2009-12-02] (Sierra Wireless Inc.)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-12-02] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-12-02] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [75336 2010-12-02] (PC Tools)
3 ACDaemon; [x]
3 IpInIp; [x]
3 NwlnkFlt; [x]
3 NwlnkFwd; [x]
2 regi; \??\C:\Windows\system32\drivers\regi.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: mgisvr

============ One Month Created Files and Folders ==============

2012-05-27 09:03 - 2012-05-27 09:23 - 0000000 ____D C:\FRST
2012-05-26 06:33 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120526-103304.backup
2012-05-26 06:30 - 2012-05-26 06:30 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PCTools
2012-05-26 06:17 - 2010-12-02 07:33 - 0075336 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-05-26 06:17 - 2010-12-02 07:33 - 0065072 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-05-26 06:17 - 2010-12-02 07:33 - 0041888 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-05-26 06:00 - 2012-05-26 09:36 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-05-26 06:00 - 2012-05-26 06:17 - 0000000 ____D C:\Users\All Users\PC Tools
2012-05-26 06:00 - 2012-05-26 06:01 - 3056846 ____A C:\Windows\System32\Drivers\Cat.DB
2012-05-26 06:00 - 2012-05-26 06:00 - 0435110 ____A C:\Users\Owner\AppData\Local\dd_vcredistMSI72EB.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0015734 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI72EB.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0014938 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI72EC.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0001840 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-05-26 06:00 - 2012-05-26 06:00 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PC Tools
2012-05-26 06:00 - 2010-11-25 06:43 - 0257232 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-05-26 06:00 - 2010-11-25 06:42 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-05-26 06:00 - 2010-11-17 06:20 - 0331368 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-05-26 06:00 - 2010-11-17 06:20 - 0136168 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-05-26 06:00 - 2010-07-16 10:53 - 0816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-05-26 06:00 - 2010-06-29 06:35 - 0452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-05-26 05:55 - 2012-05-26 09:37 - 0001982 ____A C:\Windows\PFRO.log
2012-05-26 04:27 - 2012-05-26 04:27 - 0001096 ____A C:\tmsgr_s0.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0001028 ____A C:\tmsgr_s1.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0001028 ____A C:\msgr_on.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000380 ____A C:\edu.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000304 ____A C:\dir.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000284 ____A C:\srch_map_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000279 ____A C:\hj_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000277 ____A C:\mov_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000274 ____A C:\trav_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000273 ____A C:\srch_stk_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000268 ____A C:\ab_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000265 ____A C:\srch_ans_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000240 ____A C:\srch_site_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000235 ____A C:\srch_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000138 ____A C:\flk2.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000131 ____A C:\srch_loc_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000123 ____A C:\srch_sh_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000121 ____A C:\srch_nws_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000113 ____A C:\srch_aud_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000112 ____A C:\srch_vid_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000112 ____A C:\srch_img_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000103 ____A C:\del_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\w
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\skins
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\e
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\Data
2012-05-26 04:07 - 2012-05-26 04:07 - 0000000 ____A C:\Windows\setuperr.log
2012-05-26 04:07 - 2012-05-26 04:07 - 0000000 ____A C:\Windows\setupact.log
2012-05-25 18:01 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-220139.backup
2012-05-25 17:58 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215846.backup
2012-05-25 17:58 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215830.backup
2012-05-25 17:17 - 2012-05-27 03:38 - 2059948 ____A C:\Windows\ntbtlog.txt
2012-05-25 17:13 - 2012-05-26 09:35 - 0019849 ____A C:\Windows\WindowsUpdate.log
2012-05-20 09:25 - 2012-05-25 17:30 - 0001281 ____A C:\Windows\System32\Drivers\etc\hosts.new
2012-05-20 09:22 - 2012-05-20 09:24 - 0000044 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-05-17 12:22 - 2012-05-17 12:22 - 0001922 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-17 12:09 - 2012-05-17 12:09 - 0000000 ____D C:\Users\Owner\AppData\Local\BeamYourScreen4
2012-05-13 10:04 - 2012-05-13 10:04 - 0464892 ____A C:\Users\Owner\AppData\Local\dd_vcredistMSI358F.txt
2012-05-13 10:04 - 2012-05-13 10:04 - 0217962 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI358F.txt
2012-05-09 08:36 - 2012-05-13 17:09 - 0000000 ____D C:\Users\All Users\F4D55F3E000435DB000C11D3570F1C8B
2012-05-07 08:05 - 2012-05-20 09:32 - 0000732 ____A C:\Windows\System32\Drivers\etc\host.old..txt
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120526-103224.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215744.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120517-235957.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-05-06 17:10 - 2012-05-24 05:18 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-06 17:09 - 2012-05-06 17:09 - 0000000 ____D C:\Windows\system64

============ 3 Months Modified Files and Folders =============

2012-05-27 09:23 - 2012-05-27 09:03 - 0000000 ____D C:\FRST
2012-05-27 03:38 - 2012-05-25 17:17 - 2059948 ____A C:\Windows\ntbtlog.txt
2012-05-26 09:37 - 2012-05-26 05:55 - 0001982 ____A C:\Windows\PFRO.log
2012-05-26 09:36 - 2012-05-26 06:00 - 0000000 ____D C:\Program Files (x86)\PC Tools Security
2012-05-26 09:36 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-26 09:35 - 2012-05-25 17:13 - 0019849 ____A C:\Windows\WindowsUpdate.log
2012-05-26 09:35 - 2008-08-12 12:22 - 0000012 ____A C:\Windows\bthservsdp.dat
2012-05-26 09:35 - 2006-11-02 07:42 - 0032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-26 09:35 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-26 09:35 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-26 06:30 - 2012-05-26 06:30 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PCTools
2012-05-26 06:27 - 2011-04-22 07:04 - 0002559 ____A C:\Users\Owner\Desktop\HiJackThis.lnk
2012-05-26 06:19 - 2006-11-02 04:46 - 0792490 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-26 06:17 - 2012-05-26 06:00 - 0000000 ____D C:\Users\All Users\PC Tools
2012-05-26 06:01 - 2012-05-26 06:00 - 3056846 ____A C:\Windows\System32\Drivers\Cat.DB
2012-05-26 06:00 - 2012-05-26 06:00 - 0435110 ____A C:\Users\Owner\AppData\Local\dd_vcredistMSI72EB.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0015734 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI72EB.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0014938 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI72EC.txt
2012-05-26 06:00 - 2012-05-26 06:00 - 0001840 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-05-26 06:00 - 2012-05-26 06:00 - 0000000 ____D C:\Users\Owner\AppData\Roaming\PC Tools
2012-05-26 05:59 - 2011-10-18 09:51 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-26 04:27 - 2012-05-26 04:27 - 0001096 ____A C:\tmsgr_s0.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0001028 ____A C:\tmsgr_s1.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0001028 ____A C:\msgr_on.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000380 ____A C:\edu.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000304 ____A C:\dir.bmp
2012-05-26 04:27 - 2012-05-26 04:27 - 0000284 ____A C:\srch_map_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000279 ____A C:\hj_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000277 ____A C:\mov_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000274 ____A C:\trav_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000273 ____A C:\srch_stk_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000268 ____A C:\ab_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000265 ____A C:\srch_ans_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000240 ____A C:\srch_site_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000235 ____A C:\srch_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000138 ____A C:\flk2.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000131 ____A C:\srch_loc_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000123 ____A C:\srch_sh_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000121 ____A C:\srch_nws_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000113 ____A C:\srch_aud_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000112 ____A C:\srch_vid_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000112 ____A C:\srch_img_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000103 ____A C:\del_1.gif
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\w
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\skins
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\e
2012-05-26 04:27 - 2012-05-26 04:27 - 0000000 ____D C:\Data
2012-05-26 04:07 - 2012-05-26 04:07 - 0000000 ____A C:\Windows\setuperr.log
2012-05-26 04:07 - 2012-05-26 04:07 - 0000000 ____A C:\Windows\setupact.log
2012-05-25 17:30 - 2012-05-20 09:25 - 0001281 ____A C:\Windows\System32\Drivers\etc\hosts.new
2012-05-25 17:30 - 2010-06-04 13:46 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-25 16:57 - 2009-08-24 07:58 - 0000000 ____D C:\Users\Owner\Documents\Exercise
2012-05-24 05:18 - 2012-05-06 17:10 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-23 06:02 - 2009-02-10 07:29 - 0030696 ____A C:\Users\Owner\Documents\Potential Bills.xlsx
2012-05-20 09:32 - 2012-05-07 08:05 - 0000732 ____A C:\Windows\System32\Drivers\etc\host.old..txt
2012-05-20 09:24 - 2012-05-20 09:22 - 0000044 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-05-17 20:01 - 2010-08-02 11:19 - 0027566 ____A C:\test.xml
2012-05-17 19:10 - 2008-12-04 09:21 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-05-17 12:25 - 2008-08-12 13:16 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-17 12:24 - 2008-12-07 18:11 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2012-05-17 12:22 - 2012-05-17 12:22 - 0001922 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-17 12:22 - 2008-08-12 13:16 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-05-17 12:09 - 2012-05-17 12:09 - 0000000 ____D C:\Users\Owner\AppData\Local\BeamYourScreen4
2012-05-14 08:20 - 2010-04-09 07:00 - 0000000 ____D C:\Users\Owner\Documents\AMG Network
2012-05-14 04:21 - 2009-04-07 06:23 - 0000000 ____D C:\Windows\Minidump
2012-05-14 04:20 - 2011-10-18 08:45 - 0000770 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-14 04:20 - 2010-11-30 12:45 - 0000000 ____D C:\Program Files\CCleaner
2012-05-13 17:15 - 2010-11-30 11:43 - 0000000 ____D C:\users\Administrator
2012-05-13 17:15 - 2009-12-25 09:01 - 0000000 ____D C:\users\Guest
2012-05-13 17:15 - 2006-11-02 04:33 - 73662464 ____A C:\Windows\System32\config\software_previous
2012-05-13 17:14 - 2009-11-11 18:45 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-05-13 17:14 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Photo Gallery
2012-05-13 17:14 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-05-13 17:14 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-05-13 17:14 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-13 17:14 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-13 17:13 - 2011-10-18 09:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-13 17:13 - 2011-02-08 06:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 17:13 - 2008-08-29 18:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 17:13 - 2008-08-29 18:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-05-13 17:13 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-05-13 17:13 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-05-13 17:09 - 2012-05-09 08:36 - 0000000 ____D C:\Users\All Users\F4D55F3E000435DB000C11D3570F1C8B
2012-05-13 17:00 - 2009-07-16 02:16 - 33554432 ____A C:\Windows\System32\config\system_previous
2012-05-13 16:09 - 2008-12-04 09:21 - 0000000 ____D C:\users\Owner
2012-05-13 16:09 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-13 10:04 - 2012-05-13 10:04 - 0464892 ____A C:\Users\Owner\AppData\Local\dd_vcredistMSI358F.txt
2012-05-13 10:04 - 2012-05-13 10:04 - 0217962 ____A C:\Users\Owner\AppData\Local\dd_vcredistUI358F.txt
2012-05-13 09:44 - 2008-12-08 21:37 - 0000000 ____D C:\Users\Owner\AppData\Local\Adobe
2012-05-10 21:53 - 2006-11-02 04:33 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-05-10 21:50 - 2006-11-02 04:33 - 50855936 ____A C:\Windows\System32\config\components_previous
2012-05-10 21:31 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-05-10 21:28 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-05-10 17:59 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\ModemLogs
2012-05-10 17:55 - 2010-12-08 19:05 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Winamp
2012-05-10 17:09 - 2011-02-03 17:56 - 0000000 ____D C:\Users\Owner\AppData\Roaming\ACT
2012-05-07 08:05 - 2012-05-26 06:33 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120526-103304.backup
2012-05-07 08:05 - 2012-05-25 18:01 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-220139.backup
2012-05-07 08:05 - 2012-05-25 17:58 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215846.backup
2012-05-07 08:05 - 2012-05-25 17:58 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215830.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120526-103224.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120525-215744.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120517-235957.backup
2012-05-07 08:05 - 2012-05-07 08:05 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-05-06 17:09 - 2012-05-06 17:09 - 0000000 ____D C:\Windows\system64
2012-04-23 13:31 - 2008-12-11 16:02 - 0000000 ____D C:\Users\Owner\Documents\Asil Management Group


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3934.11 MB
Available physical RAM: 3361.87 MB
Total Pagefile: 3662.91 MB
Available Pagefile: 3337.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:222.78 GB) (Free:148.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:10.11 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (WINKEY) (Removable) (Total:0.24 GB) (Free:0.2 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 246 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 223 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 223 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 243 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F WINKEY NTFS Removable 243 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-26 06:04

======================= End Of Log =========================


thanks in advance
Mojomike



#2 gringo_pr


Posted 27 May 2012 - 10:23 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 mgisvr; C:\Windows\System32\nmwcd.dll [6656 2008-01-20] (Oak Technology Inc.)
C:\Windows\System32\nmwcd.dll
NETSVC: mgisvr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mojomike

Posted 27 May 2012 - 12:01 PM

Dear Gringo,

Thank you for your quick reply and instruction set of rules.

Did what you told me, and here are the log file results:


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 25-05-2012
Ran by SYSTEM at 2012-05-27 12:58:06 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
mgisvr service deleted successfully.
C:\Windows\System32\nmwcd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mgisvr Deleted successfully.

==== End of Fixlog ====



Thanks in advance
Mojomike

#4 gringo_pr

Posted 27 May 2012 - 12:23 PM

Is the computer booting now?


gringo

#5 mojomike

Posted 27 May 2012 - 12:37 PM

Will advise shortly,
did not read the remark to re-boot system

#6 mojomike

Posted 27 May 2012 - 12:52 PM

Windows Vista has rebooted. Still have a few issues, have a host file issue that needs resolution, but at least we have a starting platform.

Now to kill off the BSO's.

What next, o' destroyer of virus?

#7 gringo_pr

Posted 27 May 2012 - 01:37 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 mojomike

Posted 27 May 2012 - 02:48 PM

Hi Gringo,

The computer seems better, slightly faster on the boot but that's observation and not fact with number.

Took a quick look with search & destroy to check if the hosts file were still locked and yes

Otherwise we are stable as we speak.

Here is the ComboFix log file:

ComboFix 12-05-27.02 - Owner 05/27/2012 14:51:53.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2408 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4D4D02C21C.sys
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\g2mdlhlpx.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 19:17 . 2012-05-27 19:30 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-27 18:27 . 2012-05-27 18:27 -------- d-----w- c:\programdata\Sprint
2012-05-27 18:04 . 2012-05-11 14:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-05-27 18:04 . 2012-05-11 14:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-05-27 18:04 . 2012-05-11 14:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-05-27 18:02 . 2012-05-27 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Threat Expert
2012-05-27 17:57 . 2012-05-08 22:21 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-27 17:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-27 17:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-27 17:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-05-27 17:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-27 17:57 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-27 17:57 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-05-27 17:56 . 2012-05-27 17:56 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-05-26 14:30 . 2012-05-26 14:30 -------- d-----w- c:\users\Owner\AppData\Roaming\PCTools
2012-05-26 14:00 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-05-26 14:00 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-05-26 14:00 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-05-26 14:00 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-05-26 14:00 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-05-26 14:00 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-05-26 14:00 . 2012-05-27 18:45 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-05-26 14:00 . 2012-05-27 18:04 -------- d-----w- c:\programdata\PC Tools
2012-05-26 14:00 . 2012-05-26 14:02 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-26 14:00 . 2012-05-26 14:00 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Tools
2012-05-26 12:27 . 2012-05-26 12:27 -------- d-----w- C:\w
2012-05-26 12:27 . 2012-05-26 12:27 -------- d-----w- C:\skins
2012-05-26 12:27 . 2012-05-26 12:27 -------- d-----w- C:\e
2012-05-26 12:27 . 2012-05-26 12:27 -------- d-----w- C:\Data
2012-05-17 20:09 . 2012-05-17 20:09 -------- d-----w- c:\users\Owner\AppData\Local\BeamYourScreen4
2012-05-09 16:36 . 2012-05-14 01:09 -------- d-----w- c:\programdata\F4D55F3E000435DB000C11D3570F1C8B
2012-05-07 01:09 . 2012-05-07 01:09 -------- d-----we c:\windows\system64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 21:47 . 2012-05-27 17:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 21:47 . 2012-05-27 17:57 131 ----a-w- c:\windows\IDB.zip
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-13 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-06-13 22:07 1097728 ----a-w- c:\program files (x86)\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2008-06-27 20:45 77824 ----a-w- c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2008-06-26 21:42 16384 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 18:21 385024 ----a-w- c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-05-20 20:48 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-VAIOMyMemCenter - c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-27 15:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 19:34
.
Pre-Run: 158,067,875,840 bytes free
Post-Run: 157,725,577,216 bytes free
.
- - End Of File - - 128BDF83A374F5845D84B9D9B9546F05

#9 gringo_pr

Posted 27 May 2012 - 03:55 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 mojomike

Posted 27 May 2012 - 05:23 PM

Hi Gringo,
Enclosed are the 2 log files ...

Problems that have cropped up are:
a) Internet Explorer does not find the web BUT
b) Internet Explorer 64-bit does ... very weird, but you said to report anything that would be a clue
Have not tested any other platform, nor have I tested the hosts file issue yet.

Mojomike


log file for TDSSKiller.2.7.37.0_27.05.2012_18.05.44_log.txt

18:05:44.0126 3280 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
18:05:44.0157 3280 ============================================================
18:05:44.0157 3280 Current date / time: 2012/05/27 18:05:44.0157
18:05:44.0157 3280 SystemInfo:
18:05:44.0157 3280
18:05:44.0157 3280 OS Version: 6.0.6002 ServicePack: 2.0
18:05:44.0157 3280 Product type: Workstation
18:05:44.0173 3280 ComputerName: OWNER-PC
18:05:44.0173 3280 UserName: Owner
18:05:44.0173 3280 Windows directory: C:\Windows
18:05:44.0173 3280 System windows directory: C:\Windows
18:05:44.0173 3280 Running under WOW64
18:05:44.0173 3280 Processor architecture: Intel x64
18:05:44.0173 3280 Number of processors: 2
18:05:44.0173 3280 Page size: 0x1000
18:05:44.0173 3280 Boot type: Normal boot
18:05:44.0173 3280 ============================================================
18:05:44.0610 3280 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:05:44.0625 3280 Drive \Device\Harddisk3\DR3 - Size: 0xF600000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:05:44.0625 3280 ============================================================
18:05:44.0625 3280 \Device\Harddisk0\DR0:
18:05:44.0625 3280 MBR partitions:
18:05:44.0625 3280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1436800, BlocksNum 0x1BD8E970
18:05:44.0625 3280 \Device\Harddisk3\DR3:
18:05:44.0641 3280 MBR partitions:
18:05:44.0641 3280 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x79920
18:05:44.0641 3280 ============================================================
18:05:44.0750 3280 C: <-> \Device\Harddisk0\DR0\Partition0
18:05:44.0750 3280 ============================================================
18:05:44.0750 3280 Initialize success
18:05:44.0750 3280 ============================================================
18:06:00.0428 1872 ============================================================
18:06:00.0428 1872 Scan started
18:06:00.0428 1872 Mode: Manual;
18:06:00.0428 1872 ============================================================
18:06:01.0192 1872 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:06:01.0192 1872 ACPI - ok
18:06:01.0317 1872 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:06:01.0317 1872 AdobeARMservice - ok
18:06:01.0442 1872 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:06:01.0458 1872 adp94xx - ok
18:06:01.0504 1872 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:06:01.0520 1872 adpahci - ok
18:06:01.0551 1872 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:06:01.0551 1872 adpu160m - ok
18:06:01.0582 1872 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:06:01.0598 1872 adpu320 - ok
18:06:01.0645 1872 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
18:06:01.0645 1872 AeLookupSvc - ok
18:06:01.0738 1872 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
18:06:01.0754 1872 AFD - ok
18:06:01.0801 1872 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:06:01.0801 1872 agp440 - ok
18:06:01.0832 1872 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:06:01.0832 1872 aic78xx - ok
18:06:01.0863 1872 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
18:06:01.0863 1872 ALG - ok
18:06:01.0879 1872 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:06:01.0879 1872 aliide - ok
18:06:01.0894 1872 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:06:01.0910 1872 amdide - ok
18:06:01.0926 1872 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:06:01.0926 1872 AmdK8 - ok
18:06:02.0066 1872 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:06:02.0066 1872 ApfiltrService - ok
18:06:02.0097 1872 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
18:06:02.0097 1872 Appinfo - ok
18:06:02.0175 1872 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:06:02.0175 1872 arc - ok
18:06:02.0253 1872 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:06:02.0253 1872 arcsas - ok
18:06:02.0284 1872 ArcSoftKsUFilter (59d2ba1b18f14d0b49b830dc452261b0) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:06:02.0284 1872 ArcSoftKsUFilter - ok
18:06:02.0316 1872 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:06:02.0316 1872 AsyncMac - ok
18:06:02.0347 1872 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
18:06:02.0347 1872 atapi - ok
18:06:03.0080 1872 atikmdag (f3631ca5f0309ee4f941ea1e37e5ca60) C:\Windows\system32\DRIVERS\atikmdag.sys
18:06:03.0345 1872 atikmdag - ok
18:06:03.0735 1872 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:06:03.0751 1872 AudioEndpointBuilder - ok
18:06:03.0766 1872 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:06:03.0782 1872 AudioSrv - ok
18:06:03.0938 1872 B4-Service - ok
18:06:04.0016 1872 Beep - ok
18:06:04.0156 1872 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
18:06:04.0188 1872 BFE - ok
18:06:04.0671 1872 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
18:06:04.0749 1872 BITS - ok
18:06:05.0077 1872 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:06:05.0108 1872 blbdrive - ok
18:06:05.0139 1872 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:06:05.0139 1872 bowser - ok
18:06:33.0906 1872 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
18:06:33.0921 1872 sfloppy - ok
18:06:33.0984 1872 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
18:06:34.0015 1872 SharedAccess - ok
18:06:34.0062 1872 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
18:06:34.0093 1872 ShellHWDetection - ok
18:06:34.0140 1872 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:06:34.0140 1872 SiSRaid2 - ok
18:06:34.0186 1872 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:06:34.0186 1872 SiSRaid4 - ok
18:06:34.0561 1872 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
18:06:34.0623 1872 slsvc - ok
18:06:34.0842 1872 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
18:06:34.0842 1872 SLUINotify - ok
18:06:35.0013 1872 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:06:35.0029 1872 Smb - ok
18:06:35.0060 1872 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
18:06:35.0076 1872 SNMPTRAP - ok
18:06:35.0200 1872 SOHCImp (dc826affa608f50c385bca4c71ef1bdd) C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
18:06:35.0200 1872 SOHCImp - ok
18:06:35.0247 1872 SOHDms (1ec739f65c51fa1c7ac4502464a3c3a8) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
18:06:35.0278 1872 SOHDms - ok
18:06:35.0294 1872 SOHDs (ec8fab4ac684445d6032aa5c6e77ca2e) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
18:06:35.0294 1872 SOHDs - ok
18:06:35.0325 1872 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:06:35.0341 1872 spldr - ok
18:06:35.0512 1872 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
18:06:35.0528 1872 Spooler - ok
18:06:35.0637 1872 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:06:35.0637 1872 SPTISRV - ok
18:06:35.0809 1872 SQLAgent$ACT7 (bea7fea5bb31eb58d78971f821ae6844) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE
18:06:35.0871 1872 SQLAgent$ACT7 - ok
18:06:35.0949 1872 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:06:35.0949 1872 SQLBrowser - ok
18:06:36.0012 1872 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:06:36.0012 1872 SQLWriter - ok
18:06:36.0355 1872 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:06:36.0370 1872 srv - ok
18:06:36.0433 1872 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:06:36.0448 1872 srv2 - ok
18:06:36.0464 1872 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:06:36.0464 1872 srvnet - ok
18:06:36.0511 1872 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
18:06:36.0526 1872 SSDPSRV - ok
18:06:36.0558 1872 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
18:06:36.0558 1872 SstpSvc - ok
18:06:36.0667 1872 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
18:06:36.0698 1872 stisvc - ok
18:06:36.0745 1872 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:06:36.0745 1872 swenum - ok
18:06:36.0807 1872 swmsflt (d294db3e6b227ba511a454df4b9a5856) C:\Windows\system32\DRIVERS\swmsflt.sys
18:06:36.0807 1872 swmsflt - ok
18:06:36.0854 1872 swmx00 (64e4c4f9a98b1b435bef78a37bb130ee) C:\Windows\system32\DRIVERS\swmx00.sys
18:06:36.0854 1872 swmx00 - ok
18:06:36.0885 1872 SWNC5E00 (4a827a6be651da66aa85d17726743bf5) C:\Windows\system32\DRIVERS\SWNC5E00.sys
18:06:36.0901 1872 SWNC5E00 - ok
18:06:36.0963 1872 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
18:06:36.0979 1872 swprv - ok
18:06:37.0010 1872 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:06:37.0010 1872 Symc8xx - ok
18:06:37.0041 1872 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:06:37.0041 1872 Sym_hi - ok
18:06:37.0072 1872 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:06:37.0072 1872 Sym_u3 - ok
18:06:37.0166 1872 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
18:06:37.0197 1872 SysMain - ok
18:06:37.0244 1872 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
18:06:37.0244 1872 TabletInputService - ok
18:06:37.0291 1872 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
18:06:37.0322 1872 TapiSrv - ok
18:06:37.0338 1872 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
18:06:37.0353 1872 TBS - ok
18:06:37.0556 1872 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys
18:06:37.0618 1872 Tcpip - ok
18:06:38.0055 1872 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys
18:06:38.0071 1872 Tcpip6 - ok
18:06:38.0430 1872 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys
18:06:38.0461 1872 tcpipreg - ok
18:06:38.0492 1872 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:06:38.0492 1872 TDPIPE - ok
18:06:38.0508 1872 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:06:38.0523 1872 TDTCP - ok
18:06:38.0554 1872 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:06:38.0554 1872 tdx - ok
18:06:38.0586 1872 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:06:38.0601 1872 TermDD - ok
18:06:38.0695 1872 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
18:06:38.0726 1872 TermService - ok
18:06:38.0773 1872 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys
18:06:38.0773 1872 TfFsMon - ok
18:06:38.0835 1872 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys
18:06:38.0835 1872 TfNetMon - ok
18:06:38.0944 1872 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys
18:06:38.0960 1872 TFSysMon - ok
18:06:39.0007 1872 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
18:06:39.0022 1872 Themes - ok
18:06:39.0100 1872 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
18:06:39.0100 1872 THREADORDER - ok
18:06:39.0350 1872 ThreatFire - ok
18:06:39.0428 1872 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
18:06:39.0428 1872 TrkWks - ok
18:06:39.0490 1872 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
18:06:39.0490 1872 TrustedInstaller - ok
18:06:39.0600 1872 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:06:39.0600 1872 tssecsrv - ok
18:06:39.0631 1872 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:06:39.0631 1872 tunmp - ok
18:06:39.0662 1872 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:06:39.0662 1872 tunnel - ok
18:06:39.0709 1872 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:06:39.0709 1872 uagp35 - ok
18:06:39.0771 1872 uCamMonitor (a1cdf0e7cb409b05ee22f9035cb33c8b) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
18:06:39.0771 1872 uCamMonitor - ok
18:06:39.0880 1872 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:06:39.0880 1872 udfs - ok
18:06:39.0974 1872 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
18:06:39.0974 1872 UI0Detect - ok
18:06:40.0036 1872 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:06:40.0036 1872 uliagpkx - ok
18:06:40.0068 1872 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:06:40.0083 1872 uliahci - ok
18:06:40.0114 1872 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:06:40.0114 1872 UlSata - ok
18:06:40.0161 1872 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:06:40.0161 1872 ulsata2 - ok
18:06:40.0192 1872 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:06:40.0192 1872 umbus - ok
18:06:40.0239 1872 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
18:06:40.0255 1872 upnphost - ok
18:06:40.0302 1872 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
18:06:40.0302 1872 usbaudio - ok
18:06:40.0364 1872 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:06:40.0364 1872 usbccgp - ok
18:06:40.0395 1872 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:06:40.0395 1872 usbcir - ok
18:06:40.0426 1872 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:06:40.0426 1872 usbehci - ok
18:06:40.0473 1872 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:06:40.0489 1872 usbhub - ok
18:06:40.0520 1872 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:06:40.0520 1872 usbohci - ok
18:06:40.0567 1872 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:06:40.0567 1872 usbprint - ok
18:06:40.0614 1872 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:06:40.0614 1872 usbscan - ok
18:06:40.0645 1872 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:06:40.0645 1872 USBSTOR - ok
18:06:40.0676 1872 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:06:40.0676 1872 usbuhci - ok
18:06:40.0723 1872 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:06:40.0723 1872 usbvideo - ok
18:06:40.0754 1872 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
18:06:40.0754 1872 usb_rndisx - ok
18:06:40.0785 1872 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:06:40.0801 1872 UxSms - ok
18:06:40.0910 1872 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:06:40.0910 1872 VAIO Entertainment TV Device Arbitration Service - ok
18:06:41.0019 1872 VAIO Event Service (693a3fdd279c345105fff9dde277849b) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
18:06:41.0035 1872 VAIO Event Service - ok
18:06:41.0222 1872 VAIO Power Management (564558b7cf97be373a3a800b4c4c5221) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
18:06:41.0269 1872 VAIO Power Management - ok
18:06:41.0394 1872 VCFw (cbcbe2233d21e9b278f95f5cb28bc8ae) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
18:06:41.0394 1872 VCFw - ok
18:06:41.0472 1872 VcmIAlzMgr (27888f132d2ee0b72b28093a5f5f20eb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
18:06:41.0487 1872 VcmIAlzMgr - ok
18:06:41.0550 1872 VcmXmlIfHelper (5d45ab08c70f789cecf45543c3233767) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
18:06:41.0550 1872 VcmXmlIfHelper - ok
18:06:41.0550 1872 Vcsw - ok
18:06:41.0877 1872 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:06:41.0908 1872 vds - ok
18:06:42.0002 1872 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:06:42.0002 1872 vga - ok
18:06:42.0033 1872 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:06:42.0049 1872 VgaSave - ok
18:06:42.0096 1872 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:06:42.0096 1872 viaide - ok
18:06:42.0158 1872 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:06:42.0158 1872 volmgr - ok
18:06:42.0220 1872 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:06:42.0236 1872 volmgrx - ok
18:06:42.0283 1872 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:06:42.0314 1872 volsnap - ok
18:06:42.0361 1872 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:06:42.0361 1872 vsmraid - ok
18:06:42.0532 1872 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:06:42.0579 1872 VSS - ok
18:06:42.0735 1872 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:06:42.0735 1872 VzCdbSvc - ok
18:06:42.0954 1872 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:06:42.0969 1872 W32Time - ok
18:06:43.0047 1872 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:06:43.0047 1872 WacomPen - ok
18:06:43.0094 1872 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:06:43.0094 1872 Wanarp - ok
18:06:43.0110 1872 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:06:43.0110 1872 Wanarpv6 - ok
18:06:43.0281 1872 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
18:06:43.0297 1872 WcesComm - ok
18:06:43.0437 1872 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:06:43.0484 1872 wcncsvc - ok
18:06:43.0531 1872 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:06:43.0546 1872 WcsPlugInService - ok
18:06:43.0609 1872 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:06:43.0609 1872 Wd - ok
18:06:43.0656 1872 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:06:43.0656 1872 WDC_SAM - ok
18:06:43.0812 1872 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:06:43.0905 1872 Wdf01000 - ok
18:06:43.0952 1872 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:06:43.0968 1872 WdiServiceHost - ok
18:06:43.0968 1872 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:06:43.0983 1872 WdiSystemHost - ok
18:06:44.0108 1872 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:06:44.0108 1872 WebClient - ok
18:06:44.0233 1872 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:06:44.0248 1872 Wecsvc - ok
18:06:44.0311 1872 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:06:44.0311 1872 wercplsupport - ok
18:06:44.0358 1872 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:06:44.0358 1872 WerSvc - ok
18:06:44.0436 1872 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:06:44.0436 1872 WimFltr - ok
18:06:44.0514 1872 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
18:06:44.0529 1872 winachsf - ok
18:06:44.0576 1872 WinDefend - ok
18:06:44.0607 1872 WinHttpAutoProxySvc - ok
18:06:44.0701 1872 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:06:44.0716 1872 Winmgmt - ok
18:06:44.0982 1872 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:06:45.0122 1872 WinRM - ok
18:06:45.0528 1872 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:06:45.0590 1872 Wlansvc - ok
18:06:45.0637 1872 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
18:06:45.0637 1872 WmiAcpi - ok
18:06:45.0715 1872 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:06:45.0730 1872 wmiApSrv - ok
18:06:45.0777 1872 WMPNetworkSvc - ok
18:06:45.0855 1872 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:06:45.0871 1872 WPCSvc - ok
18:06:45.0902 1872 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:06:45.0918 1872 WPDBusEnum - ok
18:06:45.0949 1872 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:06:45.0949 1872 WpdUsb - ok
18:06:45.0980 1872 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:06:45.0980 1872 ws2ifsl - ok
18:06:46.0011 1872 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:06:46.0011 1872 wscsvc - ok
18:06:46.0058 1872 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:06:46.0058 1872 WSDPrintDevice - ok
18:06:46.0105 1872 WSDScan (c48e6ef92be6bfef9ee2430c42eaf2bd) C:\Windows\system32\DRIVERS\WSDScan.sys
18:06:46.0105 1872 WSDScan - ok
18:06:46.0120 1872 WSearch - ok
18:06:46.0791 1872 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
18:06:46.0978 1872 wuauserv - ok
18:06:47.0228 1872 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:06:47.0228 1872 WUDFRd - ok
18:06:47.0290 1872 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:06:47.0290 1872 wudfsvc - ok
18:06:47.0337 1872 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
18:06:47.0337 1872 XAudio - ok
18:06:47.0415 1872 XAudioService (3e775f0bd28ddeff53d78578b97a3cff) C:\Windows\system32\DRIVERS\xaudio64.exe
18:06:47.0431 1872 XAudioService - ok
18:06:47.0696 1872 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:06:47.0727 1872 YahooAUService - ok
18:06:47.0946 1872 yukonx64 (3c5b0410faba5b1014eefeee77e1296a) C:\Windows\system32\DRIVERS\yk60x64.sys
18:06:47.0977 1872 yukonx64 - ok
18:06:48.0024 1872 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:06:48.0398 1872 \Device\Harddisk0\DR0 - ok
18:06:48.0445 1872 MBR (0x1B8) (56beed9d40b4c378fe43751e33ae7469) \Device\Harddisk3\DR3
18:06:49.0287 1872 \Device\Harddisk3\DR3 - ok
18:06:49.0303 1872 Boot (0x1200) (a5450fd2b286625b2b8b9864fd0c79bf) \Device\Harddisk0\DR0\Partition0
18:06:49.0318 1872 \Device\Harddisk0\DR0\Partition0 - ok
18:06:49.0334 1872 Boot (0x1200) (5088952ed477dcc2aea2f44570dd7da2) \Device\Harddisk3\DR3\Partition0
18:06:49.0350 1872 \Device\Harddisk3\DR3\Partition0 - ok
18:06:49.0365 1872 ============================================================
18:06:49.0365 1872 Scan finished
18:06:49.0365 1872 ============================================================
18:06:49.0365 3724 Detected object count: 0
18:06:49.0365 3724 Actual detected object count: 0
18:07:57.0531 3748 Deinitialize success

here is the aswmbr text file


swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 18:09:34
-----------------------------
18:09:34.037 OS Version: Windows x64 6.0.6002 Service Pack 2
18:09:34.037 Number of processors: 2 586 0xF0D
18:09:34.037 ComputerName: OWNER-PC UserName: Owner
18:09:35.332 Initialize success
18:09:38.210 AVAST engine download error: 0
18:09:58.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:09:58.943 Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3
18:09:58.958 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000079
18:09:58.958 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
18:09:58.958 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
18:09:58.974 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
18:09:59.021 Disk 0 MBR read successfully
18:09:59.021 Disk 0 MBR scan
18:09:59.036 Disk 0 Windows VISTA default MBR code
18:09:59.052 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10348 MB offset 2048
18:09:59.067 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228125 MB offset 21194752
18:09:59.177 Disk 0 scanning C:\Windows\system32\drivers
18:10:30.049 Service scanning
18:10:52.279 Modules scanning
18:10:52.295 Disk 0 trace - called modules:
18:10:52.341 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys iaStor.sys hal.dll
18:10:52.357 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800687c790]
18:10:52.373 3 CLASSPNP.SYS[fffffa60013d0c33] -> nt!IofCallDriver -> [0xfffffa8006777100]
18:10:52.373 5 PCTCore64.sys[fffffa6000b42720] -> nt!IofCallDriver -> [0xfffffa8004bc44b0]
18:10:52.388 7 acpi.sys[fffffa6000944fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005398050]
18:10:52.404 Scan finished successfully
18:11:34.399 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:11:34.399 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#11 gringo_pr


Posted 27 May 2012 - 08:36 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr


Posted 29 May 2012 - 11:28 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 mojomike


Posted 30 May 2012 - 07:26 AM

sorry went on holiday, will be in front of this computer to fix on Wednesday evening, so I will start working on it at 8pm eastern standard time

#14 gringo_pr


Posted 30 May 2012 - 07:31 AM

no problem - is that tonight or a week from tonight


gringo

#15 gringo_pr


Posted 05 June 2012 - 12:57 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo



