Infected w/ Win64:Sirefef-A[Trj], Win32:Sirefef-AD[Rtk], Win32:Malware-gen


  • This topic is locked
30 replies to this topic

#1 SurlyBastage

SurlyBastage

  • Members
  • 15 posts

Posted 30 June 2012 - 08:32 AM

When I try to turn Windows' firewall on/off, I get the message "Due to an unidentified problem, Windows cannot display Windows firewall settings."

The Security Service center cannot be started.

I cannot install cumulative security update for IE8.

I was getting redirected to different websites in new windows when surfing.

I recently removed AVG and installed Avast. I also recently updated JAVA and removed old JAVA stuff.

Avast keeps indicating it has blocked:

Infection - Win64:Sirefef-A[Trj]
Object -80000000.@

Infection - Win32:Sirefef-AD[Rtk]
Object - 800000cb.@

Infection - Win32:Malware-gen
Object - 00000001.@

I have scanned w/ Avast (Avast also did a boot scan), Malwarebytes, and SuperAntiSpyware, and nothing has changed except the redirect seems to have stopped.

I tried the gmer scan three times and each time it resulted in a blue screen. All I could read on the screen was uwldypow.sys.

Anyway the DDS file -

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 10.5.1
Run by JIM at 21:05:10 on 2012-06-29
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.170 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mStart Page = hxxp://att.yahoo.com
mDefault_Page_URL = hxxp://att.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [VAIOSurvey] c:\program files\sony corporation\vaio survey\Vista VAIO Survey.exe
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Linksys Wireless-N Notebook Adapter] c:\program files\linksys\wireless-n network monitor\WPC300N.exe
mRun: [InstantAccess] c:\program files\textbridge pro millennium\bin\InstantAccess.exe /h
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{40FC4565-3516-4BCA-8D15-D9318DC658B2} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jim\appdata\roaming\mozilla\firefox\profiles\jwsi331m.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B253cdbb6-a71b-44f3-9ad5-b4ba63c6dbc9%7D&mid=f7754ed519af47d1aa68d15aefaa04a9-80391b5240125a12089bf9f480b6c4b638feeb6a&ds=AVG&v=9.0.0.21&lang=en&pr=pr&d=2011-12-15%2022%3A18%3A49&sap=ku&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\jim\appdata\roaming\mozilla\firefox\profiles\jwsi331m.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\plugins\npstarter.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-22 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-25 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-22 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-22 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-22 44808]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-12-18 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-28 40776]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
.
=============== Created Last 30 ================
.
2012-06-29 22:59:19 32768 ------w- c:\windows\system32\IJRMF.exe
2012-06-29 22:19:50 -------- d-----w- c:\program files\Oracle
2012-06-29 22:18:35 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-28 21:49:41 -------- d-----w- c:\users\jim\appdata\local\ElevatedDiagnostics
2012-06-28 20:08:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-23 01:11:02 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-23 01:11:00 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-23 01:10:11 41224 ----a-w- c:\windows\avastSS.scr
2012-06-23 01:09:02 -------- d-----w- c:\programdata\AVAST Software
2012-06-23 01:09:02 -------- d-----w- c:\program files\AVAST Software
2012-06-21 23:58:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2012-06-21 23:56:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 23:56:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:09:56.41 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 12:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 SurlyBastage

SurlyBastage
  • Topic Starter

  • Members
  • 15 posts

Posted 01 July 2012 - 10:19 PM

Thank you Gringo.

I ran the security check (results below).

Turned off Avast.
The firewall was already off because I cannot get it to turn on.
Ran combofix

Combofix was running
it disappeared
I heard two beeps followed by two more beeps
What I think was a message box flashed too quickly for me to read what it might have said
Then nothing
I waited a bit then restarted the computer

I still cannot install the important cumulative security update for IE8
I still cannot turn the firewall on
Avast (it is on again) has not yet popped up to indicate something has been blocked


Checkup log

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.1.102.63
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 20 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 10:26 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
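The FRST log that the steps above produce lists services and drivers one per line: start type, name, image path, then either the file's size and date with its company name in parentheses, or `[x]` when the file is not on disk (an empty `()` means the file names no company). The script below is an added example written for this page; it is not part of the thread, of FRST, or of the Malware Response Team's procedure. It parses lines in that format and flags the entries a helper reads first: a registered service or driver whose file is missing or carries no vendor name, marked for priority when it loads at boot or system start, before most security software. The flag heuristics, the function names, and the sample lines (including the vendor "Example Corp") are this example's own, constructed for illustration rather than copied from the thread.

```python
"""Triage helper for the 'Services (Whitelisted)' and 'Drivers (Whitelisted)'
sections of an FRST log. Added example for this page; not code from the thread
or from FRST. Line format, as seen in the posted log:

    <start> <name>; <image path [arguments]> [<size> <yyyy-mm-dd>] (<vendor>)

FRST prints '[x]' in place of size/date when the file is absent and '()' when
the file has no company name. Start values are the Windows service start
types: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]")
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")
# First .exe/.sys/.dll in an unquoted command line, so that
# 'svchost.exe -k netsvcs' yields only the executable.
UNQUOTED_PATH_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)
NT_PREFIX = "\\??\\"  # object-manager prefix FRST shows for some drivers


@dataclass
class Entry:
    start: int
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]
    file_missing: bool
    flags: List[str] = field(default_factory=list)


def _image_path(command: str) -> str:
    """Reduce 'image path plus arguments' to the image path alone."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        m = UNQUOTED_PATH_RE.match(command)
        path = m.group(1) if m else command
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    meta = META_RE.search(rest)
    vend = VENDOR_RE.search(rest)
    vendor = vend.group("vendor").strip() if vend else ""
    entry = Entry(
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=_image_path(rest.split("[", 1)[0]),
        size=int(meta.group("size")) if meta else None,
        date=meta.group("date") if meta else None,
        vendor=vendor or None,  # '()' and absent both become None
        file_missing=rest.rstrip().endswith("[x]"),
    )
    # Heuristics (this example's own, not FRST's): a registered driver or
    # service whose file is gone, or whose file names no company, gets
    # flagged; one that also loads before most security software (boot or
    # system start) is marked for priority review.
    if entry.file_missing:
        entry.flags.append("file-missing")
    elif entry.vendor is None:
        entry.flags.append("no-vendor")
    if entry.flags and entry.start in (0, 1):
        entry.flags.append("early-start")
    return entry


def triage(text: str) -> Dict[str, List[str]]:
    """Map entry name -> flags for every flagged line in a block of FRST text."""
    result: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry.flags:
            result[entry.name] = entry.flags
    return result


# Constructed sample in the FRST line format (hypothetical names, paths, vendor).
SAMPLE = r'''
2 exsvc; "C:\Program Files\Example\ExSvc.exe" /h common [44808 2012-06-28] (Example Corp)
1 exdrv; C:\Windows\System32\Drivers\exdrv.sys [721000 2012-06-28] (Example Corp)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
0 qwzrt; C:\Windows\System32\drivers\abcxyz.sys [x]
2 oldsvc; C:\Program Files\Old Tools\OldSvc.exe [452608 2003-11-13] ()
3 mflt; \??\C:\Windows\system32\drivers\mflt.sys [57656 2012-06-28] (Example Corp)
2 gone; [x]
'''

if __name__ == "__main__":
    for name, flags in triage(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

Paste the text between the "Services (Whitelisted)" header and the "NetSvcs" header into `triage()`. A flag is a starting point for the helper's review, not a verdict: uninstall leftovers and removal tools' own drivers also leave missing-file entries, so each flagged name still has to be checked against what is known to be installed on the machine.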

#5 SurlyBastage

SurlyBastage
  • Topic Starter

  • Members
  • 15 posts

Posted 02 July 2012 - 05:35 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 02-07-2012 18:06:44
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [118784 2006-11-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [43128 2006-11-11] (Sony Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe [577536 2006-12-06] ()
HKLM\...\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1 [2150400 2006-11-28] ()
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2009-10-27] (RealNetworks, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [398728 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [81920 2006-12-13] (Intel Corporation)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe [36864 2006-04-28] ()
HKLM\...\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h [49152 2001-10-04] (Scansoft, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [98304 2006-12-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [106496 2006-12-13] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-06-28] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" [x]
HKU\Donna\...\Policies\system: [LogonHoursAction] 2
HKU\Donna\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\JIM\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\JIM\...\Policies\system: [LogonHoursAction] 2
HKU\JIM\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-09-06] (SUPERAntiSpyware.com)
2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-06-28] (AVAST Software)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [57344 2006-10-04] (Sony Corporation)
2 MSSQL$VAIO_VEDB; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB [29293408 2010-12-10] (Microsoft Corporation)
4 MSSQLServerADHelper; "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [44384 2010-12-10] (Microsoft Corporation)
2 NICSer_WPC300N; C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe [452608 2003-11-13] ()
3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-10-04] (Sony Corporation)
3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [71184 2006-09-16] (Intuit Inc.)
3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-10-04] (Sony Corporation)
2 SQLBrowser; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [238944 2010-12-10] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [86880 2010-12-10] (Microsoft Corporation)
3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-11-13] (Sony Corporation)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2006-09-21] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2006-11-24] (Sony Corporation)
3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [274432 2006-08-23] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [172032 2006-09-26] (Sony Corporation)
2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-09-26] (Sony Corporation)
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-06-28] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-06-28] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-06-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-06-28] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-06-28] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-06-28] (AVAST Software)
1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-11-30] (Sonic Solutions)
1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-11-30] (Sonic Solutions)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-28] (Malwarebytes Corporation)
3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2005-05-18] (Funk Software, Inc.)
3 PROCEXP113; \??\C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2012-07-01] (Sysinternals - www.sysinternals.com)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-09-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-07-25] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2011-09-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2006-11-06] (Sony Corporation)
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [80552 2007-07-03] (MCCI Corporation)
3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [11944 2007-07-03] (MCCI Corporation)
3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [106792 2007-07-03] (MCCI Corporation)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [86824 2007-07-03] (MCCI Corporation)
3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [227328 2006-11-10] (Texas Instruments)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12672 2007-04-09] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [21248 2007-04-09] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [22912 2007-04-09] (LG Electronics Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2008-01-18] (Microsoft Corporation)
3 CBTNDIS4; \??\C:\Windows\system32\CBTNDIS4.SYS [x]
0 jkbed; C:\Windows\System32\drivers\rdlrusx.sys [x]
2 MCSTRM; [x]
3 {79007602-0CDB-4405-9DBF-1257BB3226EE}; Combo-Fix.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-02 18:06 - 2012-07-02 18:06 - 00000000 ____D C:\FRST
2012-07-01 18:09 - 2012-07-01 18:09 - 00012568 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2012-07-01 18:09 - 2012-07-01 18:09 - 00000331 ____A C:\Start_.cmd
2012-07-01 18:09 - 2012-07-01 18:09 - 00000000 ____D C:\ComboFix
2012-07-01 18:07 - 2012-07-01 18:09 - 00000000 ____D C:\Qoobox
2012-07-01 18:06 - 2012-07-01 18:09 - 00000000 ___SD C:\32788R22FWJFW
2012-07-01 18:06 - 2012-07-01 18:08 - 00000000 ____D C:\Windows\erdnt
2012-07-01 18:05 - 2012-07-01 18:05 - 00001299 ____A C:\Users\JIM\Desktop\checkup.txt
2012-07-01 17:33 - 2012-07-01 17:33 - 04568936 ____R (Swearware) C:\Users\JIM\Desktop\ComboFix.exe
2012-07-01 17:31 - 2012-07-01 17:31 - 00881475 ____A C:\Users\JIM\Desktop\SecurityCheck.exe
2012-07-01 17:30 - 2012-07-01 17:30 - 00016384 ____A C:\Users\JIM\Desktop\Bleeping puter help.wps
2012-06-29 17:37 - 2012-06-29 17:37 - 00138160 ____A C:\Windows\Minidump\Mini062912-03.dmp
2012-06-29 17:31 - 2012-06-29 17:31 - 00138160 ____A C:\Windows\Minidump\Mini062912-02.dmp
2012-06-29 17:23 - 2012-06-29 17:37 - 179964231 ____A C:\Windows\MEMORY.DMP
2012-06-29 17:23 - 2012-06-29 17:23 - 00138160 ____A C:\Windows\Minidump\Mini062912-01.dmp
2012-06-29 17:22 - 2012-06-29 17:22 - 00001664 ____A C:\Windows\PFRO.log
2012-06-29 17:18 - 2012-06-29 17:18 - 00000000 ____D C:\Users\JIM\Desktop\gmer
2012-06-29 17:15 - 2012-06-29 17:15 - 00294216 ____A C:\Users\JIM\Desktop\gmer.zip
2012-06-29 17:12 - 2012-06-29 17:12 - 00006620 ____A C:\Users\JIM\Desktop\Attach.txt
2012-06-29 17:11 - 2012-06-29 17:11 - 00012875 ____A C:\Users\JIM\Desktop\DDS.txt
2012-06-29 17:03 - 2012-06-29 17:03 - 00607260 ____R (Swearware) C:\Users\JIM\Desktop\dds.scr
2012-06-29 17:02 - 2012-06-29 17:02 - 00000468 ____A C:\Users\JIM\Desktop\defogger_disable.log
2012-06-29 17:02 - 2012-06-29 17:02 - 00000000 ____A C:\Users\JIM\defogger_reenable
2012-06-29 16:58 - 2012-06-29 16:59 - 00050477 ____A C:\Users\JIM\Desktop\Defogger.exe
2012-06-29 14:59 - 2006-03-29 06:05 - 00032768 ____N (CANON INC.) C:\Windows\System32\IJRMF.exe
2012-06-29 14:19 - 2012-06-29 14:19 - 00000000 ____D C:\Users\JIM\Downloads\EAC
2012-06-29 14:19 - 2012-06-29 14:19 - 00000000 ____D C:\Program Files\Oracle
2012-06-29 14:18 - 2012-06-29 14:53 - 00000000 ____D C:\Users\JIM\Downloads\Computer
2012-06-29 14:18 - 2012-06-29 14:17 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-29 14:18 - 2012-05-04 15:29 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-29 14:17 - 2012-06-29 14:17 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-29 14:17 - 2012-06-29 14:17 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-28 12:08 - 2012-06-28 12:43 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-06-22 17:11 - 2012-06-28 04:52 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-22 17:11 - 2012-06-22 17:11 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-22 17:10 - 2012-06-28 04:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-22 17:10 - 2012-06-28 04:51 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-22 17:09 - 2012-06-22 17:09 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-22 16:52 - 2012-06-22 16:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-21 15:58 - 2012-06-21 15:58 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-18 15:49 - 2012-06-18 15:49 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-13 15:30 - 2012-06-13 15:30 - 00000000 ____D C:\Users\JIM\AppData\Local\Apps\Adobe

============ 3 Months Modified Files ========================

2012-07-02 14:01 - 2007-02-17 13:36 - 00049152 ____A C:\Windows\System32\Ikeext.etl
2012-07-02 14:01 - 2006-11-02 05:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-02 14:01 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 14:00 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 14:00 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 13:58 - 2007-02-17 07:47 - 01069802 ____A C:\Windows\WindowsUpdate.log
2012-07-01 18:09 - 2012-07-01 18:09 - 00012568 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP113.SYS
2012-07-01 18:09 - 2012-07-01 18:09 - 00000331 ____A C:\Start_.cmd
2012-07-01 18:05 - 2012-07-01 18:05 - 00001299 ____A C:\Users\JIM\Desktop\checkup.txt
2012-07-01 17:33 - 2012-07-01 17:33 - 04568936 ____R (Swearware) C:\Users\JIM\Desktop\ComboFix.exe
2012-07-01 17:31 - 2012-07-01 17:31 - 00881475 ____A C:\Users\JIM\Desktop\SecurityCheck.exe
2012-07-01 17:30 - 2012-07-01 17:30 - 00016384 ____A C:\Users\JIM\Desktop\Bleeping puter help.wps
2012-07-01 17:30 - 2007-02-20 06:11 - 00000884 ____A C:\Users\JIM\AppData\Roaming\wklnhst.dat
2012-07-01 16:48 - 2007-02-24 13:53 - 00018432 ____A C:\Users\JIM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-01 16:42 - 2006-11-02 02:33 - 00781622 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-01 16:39 - 2007-02-17 10:55 - 00079472 ____A C:\Users\JIM\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-29 17:37 - 2012-06-29 17:37 - 00138160 ____A C:\Windows\Minidump\Mini062912-03.dmp
2012-06-29 17:37 - 2012-06-29 17:23 - 179964231 ____A C:\Windows\MEMORY.DMP
2012-06-29 17:31 - 2012-06-29 17:31 - 00138160 ____A C:\Windows\Minidump\Mini062912-02.dmp
2012-06-29 17:23 - 2012-06-29 17:23 - 00138160 ____A C:\Windows\Minidump\Mini062912-01.dmp
2012-06-29 17:23 - 2006-11-02 04:47 - 00331712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-29 17:22 - 2012-06-29 17:22 - 00001664 ____A C:\Windows\PFRO.log
2012-06-29 17:15 - 2012-06-29 17:15 - 00294216 ____A C:\Users\JIM\Desktop\gmer.zip
2012-06-29 17:12 - 2012-06-29 17:12 - 00006620 ____A C:\Users\JIM\Desktop\Attach.txt
2012-06-29 17:11 - 2012-06-29 17:11 - 00012875 ____A C:\Users\JIM\Desktop\DDS.txt
2012-06-29 17:03 - 2012-06-29 17:03 - 00607260 ____R (Swearware) C:\Users\JIM\Desktop\dds.scr
2012-06-29 17:02 - 2012-06-29 17:02 - 00000468 ____A C:\Users\JIM\Desktop\defogger_disable.log
2012-06-29 17:02 - 2012-06-29 17:02 - 00000000 ____A C:\Users\JIM\defogger_reenable
2012-06-29 16:59 - 2012-06-29 16:58 - 00050477 ____A C:\Users\JIM\Desktop\Defogger.exe
2012-06-29 14:50 - 2011-12-15 18:15 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-29 14:17 - 2012-06-29 14:18 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-29 14:17 - 2012-06-29 14:17 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-29 14:17 - 2012-06-29 14:17 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-28 13:34 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
2012-06-28 12:43 - 2012-06-28 12:08 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-06-28 04:52 - 2012-06-22 17:11 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-28 04:52 - 2012-06-22 17:10 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-28 04:51 - 2012-06-22 17:10 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-22 17:11 - 2012-06-22 17:11 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-21 15:56 - 2012-03-28 15:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-21 15:56 - 2012-03-05 16:36 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-18 15:49 - 2012-06-18 15:49 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-13 23:07 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-04 15:29 - 2012-06-29 14:18 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-04 15:29 - 2012-01-19 15:47 - 00687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-04-14 05:58 - 2009-08-29 12:14 - 00870128 ____A C:\Users\JIM\AppData\Roaming\mcs.rma
2012-04-14 05:58 - 2009-08-29 12:14 - 00000004 ____A C:\Users\JIM\AppData\Roaming\C438BC
2012-04-08 14:16 - 2011-06-29 15:24 - 00903806 ____A C:\RNDISCoInstaller.txt
2012-04-04 11:56 - 2011-05-10 17:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

ZeroAccess:
C:\Windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}
C:\Windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\L
C:\Windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U

ZeroAccess:
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6}
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\@
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\L
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2009-01-01 04:15] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-01-01 05:12] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 5DC3C54FC22BBB6F66C290C7C0384DF9

C:\Windows\System32\User32.dll
[2009-01-01 05:13] - [2008-01-18 23:36] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2009-01-01 05:13] - [2008-01-18 23:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 1013.56 MB
Available physical RAM: 662.36 MB
Total Pagefile: 853.72 MB
Available Pagefile: 726.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:105.67 GB) (Free:22.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:6.12 GB) (Free:0.88 GB) NTFS
4 Drive f: (THUMB DRIVE) (Removable) (Total:7.47 GB) (Free:2.82 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 993 KB
Disk 1 Online 7664 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6269 MB 1024 KB
Partition 2 Primary 106 GB 6270 MB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 6269 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 106 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7656 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F THUMB DRIVE FAT32 Removable 7656 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-01 18:55

======================= End Of Log ==========================

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 09:19 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SurlyBastage

  • Topic Starter
  • Members
  • 15 posts

Posted 03 July 2012 - 05:31 PM

Farbar Recovery Scan Tool Version: 01-07-2012
Ran by SYSTEM at 2012-07-03 18:17:35
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-01-01 05:12] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-01-01 05:12] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 5DC3C54FC22BBB6F66C290C7C0384DF9

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-05-08 18:57] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 July 2012 - 09:42 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
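
An added triage script for the Search.txt posted above and the Replace: fix that follows it (example code written for this thread, not part of FRST or ComboFix): it parses the FRST search output, flags the live System32 file whose size and timestamps match a WinSxS component-store copy while its MD5 does not, and emits a fixlist line in the syntax used in this thread. The sample log is constructed from the entries posted above; the Entry class and the function names are my own.

```python
"""Triage an FRST "Search:" log for a system binary patched in place.

Example code for this thread, not FRST's or ComboFix's own. A live System32
file whose size and timestamps equal a WinSxS copy but whose MD5 differs is
the trace an in-place patch leaves; a different build changes size or dates.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample that reproduces the Search.txt posted earlier in this thread.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-01-01 05:12] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-01-01 05:12] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 5DC3C54FC22BBB6F66C290C7C0384DF9

=== End Of Search ===
"""

# One FRST detail line: "[created] - [modified] - size attrs (company) MD5".
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:  # hypothetical helper type, one file reported by the search
    path: str
    created: str
    modified: str
    size: int
    md5: str

    @property
    def identity(self) -> tuple[int, str, str]:
        # What an in-place patch preserves: size and both timestamps.
        return (self.size, self.created, self.modified)

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def in_system32(self) -> bool:
        return "\\system32\\" in self.path.lower()


def parse_search_log(text: str) -> list[Entry]:
    """Pair every path line with the detail line that directly follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: list[Entry] = []
    for path, detail in zip(lines, lines[1:]):
        if not path or path.startswith(("=", "[")):
            continue  # banner, blank line, or a detail line itself
        m = DETAIL_RE.match(detail)
        if m is None:
            continue  # path without a parsable detail line
        entries.append(Entry(path, m["created"], m["modified"],
                             int(m["size"]), m["md5"].upper()))
    return entries


def find_patched(entries: list[Entry]) -> list[tuple[Entry, Entry]]:
    """Return (live, reference) pairs: a System32 file and a WinSxS copy with
    equal size and timestamps but a different MD5. Copies of another build
    (the 6.0.6000 one in the sample differs in size) are skipped. Caveat:
    agreement with WinSxS is only as trustworthy as the store itself."""
    references = [e for e in entries if e.in_winsxs]
    findings = []
    for live in entries:
        if not live.in_system32:
            continue
        for ref in references:
            if live.identity == ref.identity and live.md5 != ref.md5:
                findings.append((live, ref))
    return findings


def replace_directive(live: Entry, ref: Entry) -> str:
    """Fixlist line in the syntax used in this thread: 'Replace: <src> <dst>'."""
    return f"Replace: {ref.path} {live.path}"


if __name__ == "__main__":
    for live, ref in find_patched(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(replace_directive(live, ref))
```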

#9 SurlyBastage

  • Topic Starter
  • Members
  • 15 posts

Posted 04 July 2012 - 12:09 AM

I tried to run frst64.exe and received the following message:

X:\windows\system32>f:\FRST64.exe
This version of f:\FRST64.exe is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 <32-bit> or <64-bit> version of the program, and then contact the software publisher.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 12:11 AM

Use the same one you used before.


gringo

#11 SurlyBastage

  • Topic Starter
  • Members
  • 15 posts

Posted 04 July 2012 - 12:40 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 2012-07-04 01:32:26 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6} moved successfully.
C:\Users\JIM\AppData\Local\{95686ae0-cf77-9b61-b307-6fb92576ffe6} moved successfully.

==== End of Fixlog ====

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 12:45 AM

Now I would like you to rerun ComboFix for me.


gringo

#13 SurlyBastage

  • Topic Starter
  • Members
  • 15 posts

Posted 04 July 2012 - 08:53 AM

I disabled the Avast shields for 1 hr before I ran ComboFix (log below). ComboFix rebooted the computer 1 time, and when it did the Avast shields were on.

Also, now when I try to open Internet Explorer or combofixlog.txt, I get the following message: "Illegal operation attempted on a registry key that has been marked for deletion".

ComboFix 12-07-01.04 - JIM 07/04/2012 2:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.364 [GMT -4:00]
Running from: c:\users\JIM\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\users\JIM\AppData\Local\{79B4180F-F443-47CB-A321-4C65B4C1F84D}
c:\users\JIM\AppData\Local\{79B4180F-F443-47CB-A321-4C65B4C1F84D}\chrome.manifest
c:\users\JIM\AppData\Local\{79B4180F-F443-47CB-A321-4C65B4C1F84D}\chrome\content\_cfg.js
c:\users\JIM\AppData\Local\{79B4180F-F443-47CB-A321-4C65B4C1F84D}\chrome\content\overlay.xul
c:\users\JIM\AppData\Local\{79B4180F-F443-47CB-A321-4C65B4C1F84D}\install.rdf
c:\users\JIM\AppData\Roaming\C438BC
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\@
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\00000001.@
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\80000000.@
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\800000cb.@
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz12ED.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz13B9.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz1CE1.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz295E.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz2B34.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz311D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz33A.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz39E0.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz424D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz474C.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz474D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz4AD4.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz51A2.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz532B.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz53C1.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz575B.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz6088.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz62C5.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz676.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz6860.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz6861.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz6D42.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz6E03.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz780D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz78BB.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz78BD.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz7BE3.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz7BE5.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz7CD8.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz8531.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz8A7C.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz925D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz99AE.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz9C0F.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz9EAA.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trz9EAB.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzADA1.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzADB1.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzB00E.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzB18F.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzC192.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzC1F0.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzC43B.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzC626.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzCC90.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzCC92.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzDB34.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzDCE9.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzE4E2.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzE56D.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzEA30.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzEA31.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzEA70.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzF061.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzF062.tmp
c:\windows\Installer\{95686ae0-cf77-9b61-b307-6fb92576ffe6}\U\trzF783.tmp
c:\windows\system32\FE05DA0D.dll
c:\windows\system32\FE05F3D5.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 06:25 . 2012-07-04 06:25 -------- d-----w- c:\users\Donna\AppData\Local\temp
2012-07-04 06:25 . 2012-07-04 06:33 -------- d-----w- c:\users\JIM\AppData\Local\temp
2012-07-04 06:25 . 2012-07-04 06:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-04 06:25 . 2012-07-04 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 02:06 . 2012-07-03 02:06 -------- d-----w- C:\FRST
2012-06-29 22:59 . 2006-03-29 14:05 32768 ------w- c:\windows\system32\IJRMF.exe
2012-06-29 22:19 . 2012-06-29 22:19 -------- d-----w- c:\program files\Oracle
2012-06-29 22:18 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 22:05 . 2012-06-29 22:05 -------- d-----w- c:\programdata\McAfee
2012-06-28 21:49 . 2012-06-28 21:49 -------- d-----w- c:\users\JIM\AppData\Local\ElevatedDiagnostics
2012-06-28 20:08 . 2012-06-28 20:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-23 01:11 . 2012-06-28 12:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-23 01:11 . 2012-06-28 12:52 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-23 01:11 . 2012-06-28 12:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-23 01:11 . 2012-06-28 12:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-23 01:11 . 2012-06-28 12:52 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-23 01:11 . 2012-06-28 12:52 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-23 01:10 . 2012-06-28 12:52 41224 ----a-w- c:\windows\avastSS.scr
2012-06-23 01:10 . 2012-06-28 12:51 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 01:09 . 2012-06-23 01:09 -------- d-----w- c:\programdata\AVAST Software
2012-06-23 01:09 . 2012-06-23 01:09 -------- d-----w- c:\program files\AVAST Software
2012-06-21 23:58 . 2012-06-21 23:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 23:56 . 2012-03-28 23:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 23:56 . 2012-03-06 00:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:29 . 2012-01-19 23:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 00:52 . 2012-06-23 00:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-16 3784704]
"VAIOSurvey"="c:\program files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [2006-12-07 577536]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-28 198160]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-13 81920]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Linksys Wireless-N Notebook Adapter"="c:\program files\Linksys\Wireless-N Network Monitor\WPC300N.exe" [2006-04-28 36864]
"InstantAccess"="c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2001-10-04 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-13 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-13 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-07 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 08:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-29 00:27 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
FF - ProfilePath - c:\users\JIM\AppData\Roaming\Mozilla\Firefox\Profiles\jwsi331m.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B253cdbb6-a71b-44f3-9ad5-b4ba63c6dbc9%7D&mid=f7754ed519af47d1aa68d15aefaa04a9-80391b5240125a12089bf9f480b6c4b638feeb6a&ds=AVG&v=9.0.0.21&lang=en&pr=pr&d=2011-12-15%2022%3A18%3A49&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-uProWebSync - c:\program files\Callaway\UPROConnector\UPROConnector.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 02:35
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1048)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\TextBridge Pro Millennium\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Linksys\Wireless-N Network Monitor\NICServ.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Linksys\Wireless-N Network Monitor\OdHost.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2012-07-04 02:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 06:41
.
Pre-Run: 24,021,131,264 bytes free
Post-Run: 23,981,735,936 bytes free
.
- - End Of File - - 4321C26F484489DFEE08A1B182A3B6BC

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 12:48 PM

Greetings

Please reboot the computer as indicated in my instructions above.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
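As an added example (not part of this thread, and not TDSSKiller's own code): a small Python triage script for the report format TDSSKiller writes, the `name (md5) path` / `name - ok` pairs that appear in the log posted below. It skips the drive inventory, pairs each object line with its verdict, flags anything other than `ok`, and lists registrations that have no file on disk. The function names and the `exampledrv` sample entry are mine; the other sample lines are adapted from the log in this thread.

```python
"""Triage helper for TDSSKiller report files (added example, not part of
this thread and not TDSSKiller's own code).

A TDSSKiller report lists each service/driver as an "object" line
    15:29:33.0025 3868 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\\Program Files\\...\\SASCORE.EXE
followed by a "status" line
    15:29:33.0040 3868 !SASCORE - ok
Registered services with no file on disk appear as a bare status line
("catchme - ok"). Any status other than "ok" deserves a closer look.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Object line: <time> <pid> <name> (<md5>) <path>
OBJECT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# Status line: <time> <pid> <name> - <status>
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # None when no file backs the entry
    path: Optional[str] = None
    status: Optional[str] = None  # None when the log ends before a verdict


def parse_report(text: str) -> Dict[str, Entry]:
    """Parse the scan section of a TDSSKiller report, keyed by entry name.

    Lines before "Scan started" (drive and partition inventory) are skipped
    so that "Drive ... - Size: ..." is not mistaken for a status line.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (flagged, fileless).

    flagged:  verdict missing or anything other than "ok"
    fileless: a service/driver registration with no file on disk, which is
              usually a leftover from an uninstall but is worth confirming
    """
    flagged = [e for e in entries.values()
               if e.status is None or e.status.lower() != "ok"]
    fileless = [e for e in entries.values() if e.md5 is None]
    return flagged, fileless


# Constructed sample: the first lines are adapted from the report posted in
# this thread; "exampledrv" and its "suspicious" verdict are made up to
# exercise the non-ok path (the wording TDSSKiller uses for real detections
# differs).
SAMPLE_REPORT = r"""
15:29:22.0573 3156 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb)
15:29:31.0277 3868 ============================================================
15:29:31.0277 3868 Scan started
15:29:31.0277 3868 Mode: Manual;
15:29:33.0025 3868 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:29:33.0040 3868 !SASCORE - ok
15:29:35.0989 3868 catchme - ok
15:29:36.0020 3868 CBTNDIS4 - ok
15:29:48.0593 3868 jkbed - ok
15:29:50.0001 3868 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
15:29:50.0002 3868 exampledrv - suspicious
"""

if __name__ == "__main__":
    flagged, fileless = triage(parse_report(SAMPLE_REPORT))
    for e in flagged:
        print(f"FLAGGED  {e.name}: {e.status or 'no verdict'}  {e.path or ''}")
    for e in fileless:
        print(f"NO FILE  {e.name}")
```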

#15 SurlyBastage

SurlyBastage
  • Topic Starter

  • Members
  • 15 posts

Posted 04 July 2012 - 03:12 PM

15:29:21.0028 3156 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:29:21.0059 3156 ============================================================
15:29:21.0059 3156 Current date / time: 2012/07/04 15:29:21.0059
15:29:21.0059 3156 SystemInfo:
15:29:21.0059 3156
15:29:21.0059 3156 OS Version: 6.0.6001 ServicePack: 1.0
15:29:21.0059 3156 Product type: Workstation
15:29:21.0059 3156 ComputerName: JIM-PC
15:29:21.0059 3156 UserName: JIM
15:29:21.0059 3156 Windows directory: C:\Windows
15:29:21.0059 3156 System windows directory: C:\Windows
15:29:21.0059 3156 Processor architecture: Intel x86
15:29:21.0059 3156 Number of processors: 2
15:29:21.0059 3156 Page size: 0x1000
15:29:21.0059 3156 Boot type: Normal boot
15:29:21.0059 3156 ============================================================
15:29:22.0526 3156 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:29:22.0573 3156 Drive \Device\Harddisk3\DR3 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:29:22.0573 3156 ============================================================
15:29:22.0573 3156 \Device\Harddisk0\DR0:
15:29:22.0573 3156 MBR partitions:
15:29:22.0573 3156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC3F000, BlocksNum 0xD3553B0
15:29:22.0573 3156 \Device\Harddisk3\DR3:
15:29:22.0573 3156 MBR partitions:
15:29:22.0573 3156 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
15:29:22.0573 3156 ============================================================
15:29:22.0619 3156 C: <-> \Device\Harddisk0\DR0\Partition0
15:29:22.0619 3156 ============================================================
15:29:22.0619 3156 Initialize success
15:29:22.0619 3156 ============================================================
15:29:31.0277 3868 ============================================================
15:29:31.0277 3868 Scan started
15:29:31.0277 3868 Mode: Manual;
15:29:31.0277 3868 ============================================================
15:29:33.0025 3868 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:29:33.0040 3868 !SASCORE - ok
15:29:33.0290 3868 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
15:29:33.0290 3868 ACPI - ok
15:29:33.0368 3868 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:29:33.0383 3868 adp94xx - ok
15:29:33.0461 3868 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:29:33.0461 3868 adpahci - ok
15:29:33.0477 3868 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:29:33.0493 3868 adpu160m - ok
15:29:33.0524 3868 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:29:33.0524 3868 adpu320 - ok
15:29:33.0602 3868 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:29:33.0602 3868 AeLookupSvc - ok
15:29:33.0680 3868 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
15:29:33.0695 3868 AFD - ok
15:29:33.0758 3868 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:29:33.0758 3868 agp440 - ok
15:29:33.0820 3868 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:29:33.0836 3868 aic78xx - ok
15:29:33.0867 3868 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:29:33.0867 3868 ALG - ok
15:29:33.0898 3868 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:29:33.0898 3868 aliide - ok
15:29:33.0914 3868 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:29:33.0914 3868 amdagp - ok
15:29:33.0929 3868 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:29:33.0945 3868 amdide - ok
15:29:33.0961 3868 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:29:33.0961 3868 AmdK7 - ok
15:29:33.0992 3868 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:29:33.0992 3868 AmdK8 - ok
15:29:34.0054 3868 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:29:34.0070 3868 ApfiltrService - ok
15:29:34.0132 3868 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:29:34.0132 3868 Appinfo - ok
15:29:34.0163 3868 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:29:34.0179 3868 arc - ok
15:29:34.0226 3868 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:29:34.0226 3868 arcsas - ok
15:29:34.0304 3868 aswFsBlk (5679eaf49f7e2a93ceadcf0aaf6fa3a3) C:\Windows\system32\drivers\aswFsBlk.sys
15:29:34.0304 3868 aswFsBlk - ok
15:29:34.0397 3868 aswMonFlt (59d8733060cd5130961680e9785f9752) C:\Windows\system32\drivers\aswMonFlt.sys
15:29:34.0397 3868 aswMonFlt - ok
15:29:34.0429 3868 AswRdr (b221d97841c02ae79ec5c56172724f5c) C:\Windows\system32\drivers\AswRdr.sys
15:29:34.0429 3868 AswRdr - ok
15:29:34.0522 3868 aswSnx (1aee85af4b664ea9e22ebe41e8f96571) C:\Windows\system32\drivers\aswSnx.sys
15:29:34.0553 3868 aswSnx - ok
15:29:34.0631 3868 aswSP (3c9d1aeb0fafa8493335503ebee9a301) C:\Windows\system32\drivers\aswSP.sys
15:29:34.0631 3868 aswSP - ok
15:29:34.0678 3868 aswTdi (74f58f4adafaf50b9a09cb6e17b4ee49) C:\Windows\system32\drivers\aswTdi.sys
15:29:34.0694 3868 aswTdi - ok
15:29:34.0741 3868 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:29:34.0741 3868 AsyncMac - ok
15:29:34.0787 3868 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
15:29:34.0803 3868 atapi - ok
15:29:34.0881 3868 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
15:29:34.0912 3868 AudioEndpointBuilder - ok
15:29:34.0912 3868 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
15:29:34.0928 3868 Audiosrv - ok
15:29:35.0068 3868 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
15:29:35.0099 3868 Automatic LiveUpdate Scheduler - ok
15:29:35.0240 3868 avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:29:35.0240 3868 avast! Antivirus - ok
15:29:35.0302 3868 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:29:35.0302 3868 Beep - ok
15:29:35.0411 3868 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
15:29:35.0443 3868 BFE - ok
15:29:35.0505 3868 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
15:29:35.0505 3868 bowser - ok
15:29:35.0583 3868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:29:35.0583 3868 BrFiltLo - ok
15:29:35.0599 3868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:29:35.0599 3868 BrFiltUp - ok
15:29:35.0661 3868 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:29:35.0661 3868 Browser - ok
15:29:35.0708 3868 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:29:35.0708 3868 Brserid - ok
15:29:35.0739 3868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:29:35.0755 3868 BrSerWdm - ok
15:29:35.0770 3868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:29:35.0770 3868 BrUsbMdm - ok
15:29:35.0801 3868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:29:35.0801 3868 BrUsbSer - ok
15:29:35.0864 3868 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:29:35.0864 3868 BTHMODEM - ok
15:29:35.0989 3868 catchme - ok
15:29:36.0020 3868 CBTNDIS4 - ok
15:29:36.0067 3868 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:29:36.0082 3868 cdfs - ok
15:29:36.0145 3868 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
15:29:36.0145 3868 Cdr4_xp - ok
15:29:36.0145 3868 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
15:29:36.0160 3868 Cdralw2k - ok
15:29:36.0223 3868 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:29:36.0238 3868 cdrom - ok
15:29:36.0316 3868 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:29:36.0316 3868 CertPropSvc - ok
15:29:36.0347 3868 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:29:36.0347 3868 circlass - ok
15:29:36.0410 3868 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:29:36.0410 3868 CLFS - ok
15:29:36.0550 3868 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:36.0550 3868 clr_optimization_v2.0.50727_32 - ok
15:29:36.0659 3868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:29:36.0675 3868 clr_optimization_v4.0.30319_32 - ok
15:29:36.0769 3868 CLTNetCnService - ok
15:29:36.0831 3868 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:36.0831 3868 CmBatt - ok
15:29:36.0862 3868 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:29:36.0862 3868 cmdide - ok
15:29:36.0878 3868 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:29:36.0878 3868 Compbatt - ok
15:29:36.0893 3868 COMSysApp - ok
15:29:36.0909 3868 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:29:36.0909 3868 crcdisk - ok
15:29:36.0940 3868 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:29:36.0940 3868 Crusoe - ok
15:29:37.0018 3868 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
15:29:37.0034 3868 CryptSvc - ok
15:29:37.0127 3868 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:29:37.0174 3868 DcomLaunch - ok
15:29:37.0205 3868 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
15:29:37.0205 3868 DfsC - ok
15:29:37.0736 3868 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
15:29:37.0829 3868 DFSR - ok
15:29:38.0063 3868 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
15:29:38.0063 3868 Dhcp - ok
15:29:38.0219 3868 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:29:38.0235 3868 disk - ok
15:29:38.0282 3868 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
15:29:38.0297 3868 DMICall - ok
15:29:38.0329 3868 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
15:29:38.0329 3868 Dnscache - ok
15:29:38.0391 3868 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
15:29:38.0407 3868 dot3svc - ok
15:29:38.0563 3868 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:29:38.0563 3868 DPS - ok
15:29:38.0641 3868 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:29:38.0656 3868 drmkaud - ok
15:29:39.0077 3868 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:29:39.0124 3868 DXGKrnl - ok
15:29:39.0280 3868 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:29:39.0280 3868 E1G60 - ok
15:29:39.0389 3868 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:29:39.0421 3868 EapHost - ok
15:29:39.0483 3868 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:29:39.0499 3868 Ecache - ok
15:29:39.0608 3868 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:29:39.0623 3868 ehRecvr - ok
15:29:39.0733 3868 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:29:39.0733 3868 ehSched - ok
15:29:39.0764 3868 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:29:39.0764 3868 ehstart - ok
15:29:39.0904 3868 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:29:39.0920 3868 elxstor - ok
15:29:40.0045 3868 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
15:29:40.0138 3868 EMDMgmt - ok
15:29:40.0372 3868 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
15:29:40.0419 3868 EventSystem - ok
15:29:40.0528 3868 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
15:29:40.0544 3868 exfat - ok
15:29:40.0700 3868 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
15:29:40.0715 3868 fastfat - ok
15:29:40.0887 3868 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:29:40.0965 3868 fdc - ok
15:29:41.0074 3868 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:29:41.0152 3868 fdPHost - ok
15:29:41.0293 3868 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:29:41.0308 3868 FDResPub - ok
15:29:41.0573 3868 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:29:41.0589 3868 FileInfo - ok
15:29:41.0729 3868 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:29:41.0761 3868 Filetrace - ok
15:29:41.0807 3868 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:29:41.0870 3868 flpydisk - ok
15:29:42.0291 3868 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
15:29:42.0353 3868 FltMgr - ok
15:29:42.0697 3868 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:29:42.0728 3868 FontCache3.0.0.0 - ok
15:29:42.0775 3868 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:29:42.0775 3868 Fs_Rec - ok
15:29:43.0040 3868 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:29:43.0165 3868 gagp30kx - ok
15:29:44.0927 3868 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
15:29:44.0959 3868 gpsvc - ok
15:29:45.0068 3868 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:29:45.0083 3868 gusvc - ok
15:29:45.0302 3868 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:29:45.0317 3868 HdAudAddService - ok
15:29:45.0364 3868 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:45.0380 3868 HDAudBus - ok
15:29:45.0395 3868 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:29:45.0395 3868 HidBth - ok
15:29:45.0427 3868 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:29:45.0442 3868 HidIr - ok
15:29:45.0551 3868 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
15:29:45.0567 3868 hidserv - ok
15:29:45.0598 3868 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
15:29:45.0598 3868 HidUsb - ok
15:29:45.0661 3868 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:29:45.0661 3868 hkmsvc - ok
15:29:45.0676 3868 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:29:45.0676 3868 HpCISSs - ok
15:29:45.0723 3868 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:29:45.0723 3868 HSFHWAZL - ok
15:29:45.0832 3868 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:29:45.0863 3868 HSF_DPV - ok
15:29:45.0926 3868 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:29:45.0926 3868 HSXHWAZL - ok
15:29:46.0004 3868 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
15:29:46.0019 3868 HTTP - ok
15:29:46.0051 3868 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:29:46.0066 3868 i2omp - ok
15:29:46.0129 3868 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:46.0129 3868 i8042prt - ok
15:29:46.0347 3868 ialm (a4fba5b34e69e46315a7c5223a470a17) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:29:46.0409 3868 ialm - ok
15:29:46.0597 3868 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:29:46.0612 3868 iaStorV - ok
15:29:46.0706 3868 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:29:46.0721 3868 IDriverT - ok
15:29:46.0846 3868 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:29:46.0909 3868 idsvc - ok
15:29:47.0252 3868 igfx (a4fba5b34e69e46315a7c5223a470a17) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:29:47.0283 3868 igfx - ok
15:29:47.0408 3868 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:29:47.0423 3868 iirsp - ok
15:29:47.0501 3868 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
15:29:47.0533 3868 IKEEXT - ok
15:29:47.0735 3868 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
15:29:47.0813 3868 IntcAzAudAddService - ok
15:29:47.0969 3868 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:29:47.0969 3868 intelide - ok
15:29:48.0032 3868 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:29:48.0032 3868 intelppm - ok
15:29:48.0079 3868 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:29:48.0094 3868 IPBusEnum - ok
15:29:48.0125 3868 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:29:48.0141 3868 IpFilterDriver - ok
15:29:48.0188 3868 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
15:29:48.0203 3868 iphlpsvc - ok
15:29:48.0281 3868 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:29:48.0297 3868 IPMIDRV - ok
15:29:48.0344 3868 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:29:48.0344 3868 IPNAT - ok
15:29:48.0391 3868 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:29:48.0391 3868 IRENUM - ok
15:29:48.0422 3868 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:29:48.0422 3868 isapnp - ok
15:29:48.0484 3868 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
15:29:48.0484 3868 iScsiPrt - ok
15:29:48.0515 3868 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:29:48.0515 3868 iteatapi - ok
15:29:48.0562 3868 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:29:48.0578 3868 iteraid - ok
15:29:48.0593 3868 jkbed - ok
15:29:48.0640 3868 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:29:48.0640 3868 kbdclass - ok
15:29:48.0671 3868 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
15:29:48.0671 3868 kbdhid - ok
15:29:48.0734 3868 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:29:48.0734 3868 KeyIso - ok
15:29:48.0781 3868 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
15:29:48.0812 3868 KSecDD - ok
15:29:48.0905 3868 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:29:48.0937 3868 KtmRm - ok
15:29:48.0983 3868 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
15:29:48.0983 3868 LanmanServer - ok
15:29:49.0061 3868 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
15:29:49.0077 3868 LanmanWorkstation - ok
15:29:49.0483 3868 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
15:29:49.0623 3868 LiveUpdate - ok
15:29:49.0701 3868 LiveUpdate Notice Ex - ok
15:29:49.0810 3868 LiveUpdate Notice Service (deb2a99c1ad9b9190c78e895ae60a745) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
15:29:49.0841 3868 LiveUpdate Notice Service - ok
15:29:50.0029 3868 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:29:50.0029 3868 lltdio - ok
15:29:50.0075 3868 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:29:50.0091 3868 lltdsvc - ok
15:29:50.0122 3868 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:29:50.0138 3868 lmhosts - ok
15:29:50.0169 3868 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:29:50.0169 3868 LSI_FC - ok
15:29:50.0200 3868 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:29:50.0200 3868 LSI_SAS - ok
15:29:50.0263 3868 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:29:50.0263 3868 LSI_SCSI - ok
15:29:50.0309 3868 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:29:50.0309 3868 luafv - ok
15:29:50.0387 3868 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
15:29:50.0387 3868 MBAMSwissArmy - ok
15:29:50.0419 3868 MCSTRM - ok
15:29:50.0450 3868 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:29:50.0465 3868 Mcx2Svc - ok
15:29:50.0481 3868 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:29:50.0481 3868 mdmxsdk - ok
15:29:50.0559 3868 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:29:50.0559 3868 megasas - ok
15:29:50.0606 3868 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:29:50.0606 3868 MMCSS - ok
15:29:50.0637 3868 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:29:50.0637 3868 Modem - ok
15:29:50.0715 3868 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:29:50.0715 3868 monitor - ok
15:29:50.0731 3868 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:29:50.0731 3868 mouclass - ok
15:29:50.0746 3868 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:29:50.0762 3868 mouhid - ok
15:29:50.0793 3868 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:29:50.0809 3868 MountMgr - ok
15:29:50.0902 3868 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:29:50.0902 3868 MozillaMaintenance - ok
15:29:50.0965 3868 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:29:50.0980 3868 mpio - ok
15:29:51.0011 3868 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:29:51.0011 3868 mpsdrv - ok
15:29:51.0089 3868 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
15:29:51.0105 3868 MpsSvc - ok
15:29:51.0121 3868 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:29:51.0136 3868 Mraid35x - ok
15:29:51.0167 3868 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
15:29:51.0167 3868 MRxDAV - ok
15:29:51.0214 3868 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:51.0214 3868 mrxsmb - ok
15:29:51.0261 3868 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:51.0261 3868 mrxsmb10 - ok
15:29:51.0292 3868 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:51.0292 3868 mrxsmb20 - ok
15:29:51.0339 3868 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:29:51.0339 3868 msahci - ok
15:29:51.0464 3868 MSCSPTISRV (3421b35e19f63c0e6bb326aaf59e4634) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
15:29:51.0464 3868 MSCSPTISRV - ok
15:29:51.0495 3868 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:29:51.0511 3868 msdsm - ok
15:29:51.0557 3868 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:29:51.0557 3868 MSDTC - ok
15:29:51.0635 3868 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:29:51.0635 3868 Msfs - ok
15:29:51.0698 3868 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:29:51.0698 3868 msisadrv - ok
15:29:51.0745 3868 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:29:51.0745 3868 MSiSCSI - ok
15:29:51.0760 3868 msiserver - ok
15:29:51.0823 3868 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:29:51.0823 3868 MSKSSRV - ok
15:29:51.0854 3868 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:51.0854 3868 MSPCLOCK - ok
15:29:51.0885 3868 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:29:51.0885 3868 MSPQM - ok
15:29:51.0932 3868 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
15:29:51.0947 3868 MsRPC - ok
15:29:51.0963 3868 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:29:51.0963 3868 mssmbios - ok
15:29:52.0010 3868 MSSQL$VAIO_VEDB - ok
15:29:52.0057 3868 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:29:52.0072 3868 MSSQLServerADHelper - ok
15:29:52.0088 3868 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:29:52.0103 3868 MSTEE - ok
15:29:52.0135 3868 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
15:29:52.0135 3868 Mup - ok
15:29:52.0197 3868 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
15:29:52.0244 3868 napagent - ok
15:29:52.0291 3868 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
15:29:52.0291 3868 NativeWifiP - ok
15:29:52.0369 3868 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
15:29:52.0400 3868 NDIS - ok
15:29:52.0431 3868 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:52.0447 3868 NdisTapi - ok
15:29:52.0493 3868 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:52.0493 3868 Ndisuio - ok
15:29:52.0556 3868 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:52.0556 3868 NdisWan - ok
15:29:52.0603 3868 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:29:52.0603 3868 NDProxy - ok
15:29:52.0634 3868 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:29:52.0634 3868 NetBIOS - ok
15:29:52.0681 3868 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
15:29:52.0681 3868 netbt - ok
15:29:52.0805 3868 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:29:52.0805 3868 Netlogon - ok
15:29:52.0868 3868 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:29:52.0899 3868 Netman - ok
15:29:52.0946 3868 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:29:52.0977 3868 netprofm - ok
15:29:53.0055 3868 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:29:53.0055 3868 NetTcpPortSharing - ok
15:29:53.0242 3868 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:29:53.0320 3868 NETw3v32 - ok
15:29:53.0523 3868 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:29:53.0523 3868 nfrd960 - ok
15:29:53.0663 3868 NICSer_WPC300N (ebd9fba350db6baba71b6be30c9939e4) C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
15:29:53.0695 3868 NICSer_WPC300N - ok
15:29:53.0741 3868 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:29:53.0757 3868 NlaSvc - ok
15:29:53.0788 3868 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
15:29:53.0788 3868 Npfs - ok
15:29:53.0835 3868 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:29:53.0851 3868 nsi - ok
15:29:53.0882 3868 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:29:53.0882 3868 nsiproxy - ok
15:29:54.0007 3868 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
15:29:54.0085 3868 Ntfs - ok
15:29:54.0163 3868 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:29:54.0178 3868 ntrigdigi - ok
15:29:54.0272 3868 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:29:54.0272 3868 Null - ok
15:29:54.0319 3868 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:29:54.0334 3868 nvraid - ok
15:29:54.0365 3868 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:29:54.0381 3868 nvstor - ok
15:29:54.0443 3868 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:29:54.0443 3868 nv_agp - ok
15:29:54.0615 3868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:29:54.0662 3868 odserv - ok
15:29:54.0771 3868 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\Windows\system32\DRIVERS\odysseyIM4.sys
15:29:54.0787 3868 odysseyIM4 - ok
15:29:54.0911 3868 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
15:29:54.0911 3868 ohci1394 - ok
15:29:54.0958 3868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:29:54.0958 3868 ose - ok
15:29:55.0067 3868 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:29:55.0099 3868 p2pimsvc - ok
15:29:55.0130 3868 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:29:55.0145 3868 p2psvc - ok
15:29:55.0208 3868 PACSPTISVR (3a5dcd91483821e4cf3cf294dab6e56b) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:29:55.0223 3868 PACSPTISVR - ok
15:29:55.0255 3868 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:29:55.0255 3868 Parport - ok
15:29:55.0301 3868 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
15:29:55.0301 3868 partmgr - ok
15:29:55.0333 3868 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:29:55.0333 3868 Parvdm - ok
15:29:55.0379 3868 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:29:55.0395 3868 PcaSvc - ok
15:29:55.0442 3868 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
15:29:55.0457 3868 pci - ok
15:29:55.0473 3868 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
15:29:55.0473 3868 pciide - ok
15:29:55.0551 3868 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
15:29:55.0567 3868 pcmcia - ok
15:29:55.0723 3868 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:29:55.0769 3868 PEAUTH - ok
15:29:55.0941 3868 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:29:56.0019 3868 pla - ok
15:29:56.0175 3868 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
15:29:56.0191 3868 PlugPlay - ok
15:29:56.0269 3868 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:29:56.0315 3868 PNRPAutoReg - ok
15:29:56.0331 3868 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:29:56.0347 3868 PNRPsvc - ok
15:29:56.0440 3868 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
15:29:56.0456 3868 PolicyAgent - ok
15:29:56.0534 3868 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:29:56.0549 3868 PptpMiniport - ok
15:29:56.0565 3868 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:29:56.0581 3868 Processor - ok
15:29:56.0627 3868 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
15:29:56.0643 3868 ProfSvc - ok
15:29:56.0690 3868 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:29:56.0690 3868 ProtectedStorage - ok
15:29:56.0737 3868 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
15:29:56.0737 3868 PSched - ok
15:29:56.0783 3868 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
15:29:56.0783 3868 PxHelp20 - ok
15:29:56.0955 3868 QBFCService (d37394a114213822f3f627548208be8c) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:29:56.0955 3868 QBFCService - ok
15:29:57.0080 3868 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:29:57.0127 3868 ql2300 - ok
15:29:57.0158 3868 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:29:57.0173 3868 ql40xx - ok
15:29:57.0220 3868 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:29:57.0236 3868 QWAVE - ok
15:29:57.0283 3868 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:29:57.0283 3868 QWAVEdrv - ok
15:29:57.0314 3868 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:29:57.0329 3868 RasAcd - ok
15:29:57.0361 3868 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:29:57.0376 3868 RasAuto - ok
15:29:57.0439 3868 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:57.0439 3868 Rasl2tp - ok
15:29:57.0485 3868 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
15:29:57.0501 3868 RasMan - ok
15:29:57.0532 3868 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:57.0532 3868 RasPppoe - ok
15:29:57.0595 3868 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
15:29:57.0595 3868 RasSstp - ok
15:29:57.0626 3868 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
15:29:57.0641 3868 rdbss - ok
15:29:57.0657 3868 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:57.0657 3868 RDPCDD - ok
15:29:57.0719 3868 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:29:57.0735 3868 rdpdr - ok
15:29:57.0751 3868 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:29:57.0751 3868 RDPENCDD - ok
15:29:57.0782 3868 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
15:29:57.0782 3868 RDPWD - ok
15:29:57.0829 3868 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:29:57.0829 3868 RemoteAccess - ok
15:29:57.0875 3868 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
15:29:57.0875 3868 RemoteRegistry - ok
15:29:57.0922 3868 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:29:57.0922 3868 RpcLocator - ok
15:29:57.0985 3868 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:29:57.0985 3868 RpcSs - ok
15:29:58.0016 3868 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:29:58.0016 3868 rspndr - ok
15:29:58.0047 3868 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:29:58.0047 3868 SamSs - ok
15:29:58.0187 3868 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:29:58.0187 3868 SASDIFSV - ok
15:29:58.0265 3868 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
15:29:58.0281 3868 SASENUM - ok
15:29:58.0328 3868 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
15:29:58.0328 3868 SASKUTIL - ok
15:29:58.0375 3868 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:29:58.0375 3868 sbp2port - ok
15:29:58.0421 3868 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
15:29:58.0421 3868 SCardSvr - ok
15:29:58.0531 3868 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
15:29:58.0577 3868 Schedule - ok
15:29:58.0609 3868 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:29:58.0609 3868 SCPolicySvc - ok
15:29:58.0640 3868 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:29:58.0655 3868 SDRSVC - ok
15:29:58.0687 3868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:29:58.0687 3868 secdrv - ok
15:29:58.0718 3868 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:29:58.0733 3868 seclogon - ok
15:29:58.0749 3868 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:29:58.0749 3868 SENS - ok
15:29:58.0780 3868 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:29:58.0780 3868 Serenum - ok
15:29:58.0811 3868 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:29:58.0827 3868 Serial - ok
15:29:58.0858 3868 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:29:58.0858 3868 sermouse - ok
15:29:58.0936 3868 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:29:58.0952 3868 SessionEnv - ok
15:29:58.0967 3868 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:29:58.0967 3868 sffdisk - ok
15:29:58.0999 3868 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:29:58.0999 3868 sffp_mmc - ok
15:29:59.0045 3868 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:29:59.0045 3868 sffp_sd - ok
15:29:59.0077 3868 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
15:29:59.0077 3868 sfloppy - ok
15:29:59.0155 3868 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:29:59.0186 3868 SharedAccess - ok
15:29:59.0233 3868 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
15:29:59.0248 3868 ShellHWDetection - ok
15:29:59.0279 3868 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:29:59.0295 3868 sisagp - ok
15:29:59.0311 3868 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:29:59.0311 3868 SiSRaid2 - ok
15:29:59.0357 3868 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:29:59.0357 3868 SiSRaid4 - ok
15:29:59.0607 3868 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
15:29:59.0732 3868 slsvc - ok
15:30:00.0059 3868 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
15:30:00.0106 3868 SLUINotify - ok
15:30:00.0293 3868 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
15:30:00.0309 3868 Smb - ok
15:30:00.0371 3868 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
15:30:00.0371 3868 SNC - ok
15:30:00.0403 3868 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:30:00.0418 3868 SNMPTRAP - ok
15:30:00.0434 3868 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:30:00.0449 3868 spldr - ok
15:30:00.0496 3868 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
15:30:00.0512 3868 Spooler - ok
15:30:00.0590 3868 SPTISRV (09eedfd8e748dcfd742ec37638c99a59) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
15:30:00.0590 3868 SPTISRV - ok
15:30:00.0652 3868 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:30:00.0652 3868 SQLBrowser - ok
15:30:00.0699 3868 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:30:00.0715 3868 SQLWriter - ok
15:30:00.0777 3868 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
15:30:00.0777 3868 srv - ok
15:30:00.0839 3868 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
15:30:00.0839 3868 srv2 - ok
15:30:00.0871 3868 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
15:30:00.0871 3868 srvnet - ok
15:30:00.0933 3868 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:30:00.0933 3868 sscdbus - ok
15:30:01.0011 3868 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:30:01.0011 3868 sscdmdfl - ok
15:30:01.0058 3868 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:30:01.0058 3868 sscdmdm - ok
15:30:01.0105 3868 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\Windows\system32\DRIVERS\sscdserd.sys
15:30:01.0120 3868 sscdserd - ok
15:30:01.0167 3868 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:30:01.0183 3868 SSDPSRV - ok
15:30:01.0276 3868 SSScsiSV (fa468a51c23ea3246f2f1b5cc4dc6bc4) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
15:30:01.0276 3868 SSScsiSV - ok
15:30:01.0354 3868 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:30:01.0370 3868 SstpSvc - ok
15:30:01.0448 3868 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
15:30:01.0479 3868 stisvc - ok
15:30:01.0510 3868 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:30:01.0510 3868 swenum - ok
15:30:01.0588 3868 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
15:30:01.0604 3868 swprv - ok
15:30:01.0635 3868 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:30:01.0651 3868 Symc8xx - ok
15:30:01.0682 3868 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:30:01.0682 3868 Sym_hi - ok
15:30:01.0713 3868 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:30:01.0713 3868 Sym_u3 - ok
15:30:01.0791 3868 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
15:30:01.0838 3868 SysMain - ok
15:30:01.0885 3868 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:30:01.0900 3868 TabletInputService - ok
15:30:01.0947 3868 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
15:30:01.0963 3868 TapiSrv - ok
15:30:02.0025 3868 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:30:02.0041 3868 TBS - ok
15:30:02.0150 3868 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
15:30:02.0197 3868 Tcpip - ok
15:30:02.0228 3868 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
15:30:02.0243 3868 Tcpip6 - ok
15:30:02.0275 3868 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
15:30:02.0275 3868 tcpipreg - ok
15:30:02.0321 3868 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:30:02.0321 3868 TDPIPE - ok
15:30:02.0353 3868 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:30:02.0353 3868 TDTCP - ok
15:30:02.0399 3868 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
15:30:02.0415 3868 tdx - ok
15:30:02.0493 3868 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
15:30:02.0493 3868 TermDD - ok
15:30:02.0571 3868 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
15:30:02.0602 3868 TermService - ok
15:30:02.0665 3868 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
15:30:02.0680 3868 Themes - ok
15:30:02.0727 3868 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:30:02.0727 3868 THREADORDER - ok
15:30:02.0789 3868 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys
15:30:02.0805 3868 ti21sony - ok
15:30:02.0836 3868 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:30:02.0852 3868 TrkWks - ok
15:30:02.0914 3868 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
15:30:02.0914 3868 TrustedInstaller - ok
15:30:02.0961 3868 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:30:02.0961 3868 tssecsrv - ok
15:30:03.0039 3868 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:30:03.0039 3868 tunmp - ok
15:30:03.0055 3868 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
15:30:03.0055 3868 tunnel - ok
15:30:03.0101 3868 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:30:03.0101 3868 uagp35 - ok
15:30:03.0164 3868 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
15:30:03.0164 3868 udfs - ok
15:30:03.0226 3868 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:30:03.0242 3868 UI0Detect - ok
15:30:03.0257 3868 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:30:03.0273 3868 uliagpkx - ok
15:30:03.0320 3868 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:30:03.0320 3868 uliahci - ok
15:30:03.0335 3868 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:30:03.0367 3868 UlSata - ok
15:30:03.0398 3868 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:30:03.0398 3868 ulsata2 - ok
15:30:03.0429 3868 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:30:03.0429 3868 umbus - ok
15:30:03.0523 3868 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:30:03.0538 3868 upnphost - ok
15:30:03.0663 3868 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
15:30:03.0679 3868 usbbus - ok
15:30:03.0788 3868 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:30:03.0803 3868 usbccgp - ok
15:30:03.0881 3868 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:30:03.0897 3868 usbcir - ok
15:30:03.0959 3868 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
15:30:03.0975 3868 UsbDiag - ok
15:30:04.0069 3868 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
15:30:04.0084 3868 usbehci - ok
15:30:04.0193 3868 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
15:30:04.0209 3868 usbhub - ok
15:30:04.0240 3868 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
15:30:04.0240 3868 USBModem - ok
15:30:04.0287 3868 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:30:04.0287 3868 usbohci - ok
15:30:04.0334 3868 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:30:04.0334 3868 usbprint - ok
15:30:04.0474 3868 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:30:04.0474 3868 usbscan - ok
15:30:04.0583 3868 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:30:04.0583 3868 USBSTOR - ok
15:30:04.0630 3868 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:30:04.0646 3868 usbuhci - ok
15:30:04.0708 3868 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
15:30:04.0708 3868 usb_rndisx - ok
15:30:04.0755 3868 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
15:30:04.0771 3868 UxSms - ok
15:30:04.0864 3868 VAIO Entertainment TV Device Arbitration Service (31535dc689f8fa6a816036b375349173) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:30:04.0864 3868 VAIO Entertainment TV Device Arbitration Service - ok
15:30:04.0973 3868 VAIO Event Service (3587947466e8e9256db05abe3a9d398f) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
15:30:04.0989 3868 VAIO Event Service - ok
15:30:05.0223 3868 VAIOMediaPlatform-IntegratedServer-AppServer (88dc6b884824a578b0e1e9c3790c105b) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
15:30:05.0348 3868 VAIOMediaPlatform-IntegratedServer-AppServer - ok
15:30:05.0691 3868 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
15:30:05.0707 3868 VAIOMediaPlatform-IntegratedServer-HTTP - ok
15:30:05.0816 3868 VAIOMediaPlatform-IntegratedServer-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
15:30:05.0863 3868 VAIOMediaPlatform-IntegratedServer-UPnP - ok
15:30:05.0972 3868 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
15:30:06.0003 3868 VAIOMediaPlatform-UCLS-AppServer - ok
15:30:06.0081 3868 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
15:30:06.0097 3868 VAIOMediaPlatform-UCLS-HTTP - ok
15:30:06.0190 3868 VAIOMediaPlatform-UCLS-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
15:30:06.0206 3868 VAIOMediaPlatform-UCLS-UPnP - ok
15:30:06.0268 3868 Vcsw - ok
15:30:06.0471 3868 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
15:30:06.0502 3868 vds - ok
15:30:06.0596 3868 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:30:06.0596 3868 vga - ok
15:30:06.0643 3868 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:30:06.0643 3868 VgaSave - ok
15:30:06.0674 3868 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:30:06.0674 3868 viaagp - ok
15:30:06.0705 3868 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:30:06.0705 3868 ViaC7 - ok
15:30:06.0736 3868 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:30:06.0752 3868 viaide - ok
15:30:06.0783 3868 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:30:06.0799 3868 volmgr - ok
15:30:06.0861 3868 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
15:30:06.0861 3868 volmgrx - ok
15:30:06.0923 3868 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
15:30:06.0939 3868 volsnap - ok
15:30:06.0970 3868 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:30:06.0986 3868 vsmraid - ok
15:30:07.0111 3868 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
15:30:07.0173 3868 VSS - ok
15:30:11.0479 3868 ============================================================
15:30:11.0479 3868 Scan finished
15:30:11.0479 3868 ============================================================
15:30:11.0510 2528 Detected object count: 0
15:30:11.0510 2528 Actual detected object count: 0


**************************************
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 15:32:16
-----------------------------
15:32:16.622 OS Version: Windows 6.0.6001 Service Pack 1
15:32:16.622 Number of processors: 2 586 0xE08
15:32:16.622 ComputerName: JIM-PC UserName: JIM
15:32:57.993 Initialize success
15:32:59.304 AVAST engine defs: 12070400
15:33:12.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:33:12.829 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 3
15:33:12.844 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
15:33:12.844 Disk 1 Vendor: ( Size: 114473MB BusType: 0
15:33:12.860 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000077
15:33:12.876 Disk 2 Vendor: ( Size: 114473MB BusType: 0
15:33:12.922 Disk 0 MBR read successfully
15:33:12.938 Disk 0 MBR scan
15:33:12.938 Disk 0 Windows VISTA default MBR code
15:33:12.969 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6269 MB offset 2048
15:33:13.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108202 MB offset 12840960
15:33:13.032 Disk 0 scanning sectors +234439600
15:33:13.188 Disk 0 scanning C:\Windows\system32\drivers
15:33:34.060 Service scanning
15:34:09.129 Modules scanning
15:34:51.296 Disk 0 trace - called modules:
15:34:51.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
15:34:51.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84cf5620]
15:34:51.358 3 CLASSPNP.SYS[86b9e745] -> nt!IofCallDriver -> [0x83dacdf0]
15:34:51.358 5 acpi.sys[806976a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x83dbcba0]
15:34:54.198 AVAST engine scan C:\Windows
15:35:03.511 AVAST engine scan C:\Windows\system32
15:39:07.791 AVAST engine scan C:\Windows\system32\drivers
15:39:25.840 AVAST engine scan C:\Users\JIM
15:39:27.759 File: C:\Users\JIM\AppData\Local\Apps\Adobe\owyvjq.dll **INFECTED** Win32:Tracur-IB [Trj]
15:43:11.011 AVAST engine scan C:\ProgramData
16:01:21.560 Scan finished successfully
16:04:37.278 Disk 0 MBR has been saved successfully to "C:\Users\JIM\Desktop\MBR.dat"
16:04:37.293 The log file has been saved successfully to "C:\Users\JIM\Desktop\aswMBR.txt"