Google Redirecting - Malwarebytes says Trojan.agent


27 replies to this topic

#1 Jmg90300zx

Jmg90300zx

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:18 PM

Posted 11 February 2012 - 12:33 AM

First my computer was redirecting at google.com like crazy. Lost control of the browser. Installed Malwarebytes and it found two infected trojan files. I removed and restarted. Now I have the control back of my internet explorer but Malwarebytes keeps telling me it's blocking a certain IP.

Can you help?


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:18 PM

Posted 11 February 2012 - 12:36 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 Jmg90300zx

Jmg90300zx
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:18 PM

Posted 11 February 2012 - 01:13 AM

Ok, Here we go!

It did find two files. Rootkit.boot.pihar.b which it recommends I cure, and TDSS File System which it recommends I skip.

I haven't taken action on either yet. I left that open.


21:37:44.0512 1436 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:37:44.0933 1436 ============================================================
21:37:44.0933 1436 Current date / time: 2012/02/10 21:37:44.0933
21:37:44.0933 1436 SystemInfo:
21:37:44.0933 1436
21:37:44.0933 1436 OS Version: 6.1.7601 ServicePack: 1.0
21:37:44.0933 1436 Product type: Workstation
21:37:44.0933 1436 ComputerName: JON-PC
21:37:44.0933 1436 UserName: Jon
21:37:44.0933 1436 Windows directory: C:\windows
21:37:44.0933 1436 System windows directory: C:\windows
21:37:44.0933 1436 Running under WOW64
21:37:44.0933 1436 Processor architecture: Intel x64
21:37:44.0933 1436 Number of processors: 4
21:37:44.0933 1436 Page size: 0x1000
21:37:44.0933 1436 Boot type: Normal boot
21:37:44.0933 1436 ============================================================
21:37:45.0526 1436 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:37:45.0542 1436 \Device\Harddisk0\DR0:
21:37:45.0542 1436 MBR used
21:37:45.0542 1436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48737800
21:37:45.0573 1436 Initialize success
21:37:45.0573 1436 ============================================================
21:38:12.0322 5320 ============================================================
21:38:12.0322 5320 Scan started
21:38:12.0322 5320 Mode: Manual; TDLFS;
21:38:12.0322 5320 ============================================================
21:39:41.0820 5320 SynTP - ok
21:39:42.0272 5320 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:39:42.0303 5320 Tcpip - ok
21:39:42.0725 5320 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:39:42.0756 5320 TCPIP6 - ok
21:39:43.0130 5320 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:39:43.0130 5320 tcpipreg - ok
21:39:43.0536 5320 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:39:43.0536 5320 tdcmdpst - ok
21:39:43.0910 5320 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:39:43.0910 5320 TDPIPE - ok
21:39:44.0269 5320 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
21:39:44.0269 5320 TDTCP - ok
21:39:44.0659 5320 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:39:44.0659 5320 tdx - ok
21:39:45.0018 5320 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
21:39:45.0018 5320 TermDD - ok
21:39:45.0501 5320 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys
21:39:45.0501 5320 Thpdrv - ok
21:39:45.0938 5320 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
21:39:45.0938 5320 Thpevm - ok
21:39:46.0375 5320 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
21:39:46.0391 5320 tos_sps64 - ok
21:39:46.0765 5320 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:39:46.0765 5320 tssecsrv - ok
21:39:47.0186 5320 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:39:47.0186 5320 TsUsbFlt - ok
21:39:47.0545 5320 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:39:47.0545 5320 TsUsbGD - ok
21:39:47.0919 5320 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:39:47.0919 5320 tunnel - ok
21:39:48.0309 5320 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:39:48.0309 5320 TVALZ - ok
21:39:48.0653 5320 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:39:48.0653 5320 TVALZFL - ok
21:39:49.0027 5320 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:39:49.0027 5320 uagp35 - ok
21:39:49.0433 5320 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:39:49.0448 5320 udfs - ok
21:39:49.0838 5320 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:39:49.0838 5320 uliagpkx - ok
21:39:50.0213 5320 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:39:50.0228 5320 umbus - ok
21:39:50.0618 5320 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:39:50.0618 5320 UmPass - ok
21:39:51.0024 5320 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:39:51.0024 5320 usbccgp - ok
21:39:51.0429 5320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:39:51.0461 5320 usbcir - ok
21:39:51.0851 5320 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
21:39:51.0851 5320 usbehci - ok
21:39:52.0225 5320 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
21:39:52.0241 5320 usbhub - ok
21:39:52.0599 5320 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:39:52.0662 5320 usbohci - ok
21:39:53.0021 5320 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:39:53.0036 5320 usbprint - ok
21:39:53.0442 5320 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:39:53.0551 5320 USBSTOR - ok
21:39:53.0910 5320 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:39:53.0972 5320 usbuhci - ok
21:39:54.0362 5320 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:39:54.0362 5320 usbvideo - ok
21:39:54.0737 5320 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:39:54.0752 5320 vdrvroot - ok
21:39:55.0127 5320 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:39:55.0142 5320 vga - ok
21:39:55.0501 5320 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:39:55.0501 5320 VgaSave - ok
21:39:55.0860 5320 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:39:55.0875 5320 vhdmp - ok
21:39:56.0250 5320 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:39:56.0250 5320 viaide - ok
21:39:56.0624 5320 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:39:56.0624 5320 volmgr - ok
21:39:56.0999 5320 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:39:57.0014 5320 volmgrx - ok
21:39:57.0373 5320 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
21:39:57.0389 5320 volsnap - ok
21:39:57.0747 5320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:39:57.0763 5320 vsmraid - ok
21:39:58.0137 5320 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:39:58.0137 5320 vwifibus - ok
21:39:58.0496 5320 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:39:58.0512 5320 vwififlt - ok
21:39:58.0871 5320 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
21:39:58.0871 5320 vwifimp - ok
21:39:59.0261 5320 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:39:59.0276 5320 WacomPen - ok
21:39:59.0682 5320 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:39:59.0697 5320 WANARP - ok
21:39:59.0713 5320 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:39:59.0713 5320 Wanarpv6 - ok
21:40:00.0165 5320 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:40:00.0165 5320 Wd - ok
21:40:00.0571 5320 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:40:00.0587 5320 Wdf01000 - ok
21:40:00.0977 5320 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:40:00.0977 5320 WfpLwf - ok
21:40:01.0460 5320 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:40:01.0460 5320 WIMMount - ok
21:40:01.0897 5320 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:40:01.0897 5320 WmiAcpi - ok
21:40:02.0303 5320 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:40:02.0303 5320 ws2ifsl - ok
21:40:02.0677 5320 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:40:02.0693 5320 WudfPf - ok
21:40:03.0051 5320 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:40:03.0051 5320 WUDFRd - ok
21:40:03.0161 5320 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
21:40:03.0207 5320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:40:03.0207 5320 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:40:04.0003 5320 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:40:04.0003 5320 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:40:04.0034 5320 Boot (0x1200) (2410d28dc9439690f8eb468db187ae40) \Device\Harddisk0\DR0\Partition0
21:40:04.0034 5320 \Device\Harddisk0\DR0\Partition0 - ok
21:40:04.0034 5320 ============================================================
21:40:04.0034 5320 Scan finished
21:40:04.0034 5320 ============================================================
21:40:04.0050 6712 Detected object count: 2
21:40:04.0050 6712 Actual detected object count: 2


Here is gmer..

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-10 22:01:14
Windows 6.1.7601 Service Pack 1
Running: iqv7ny7c.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blank[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blank[3].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blank[4].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pixel[2].js 660 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pixel[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pixel[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pixel[5].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pq[1].js 419 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\pq[2].js 549 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\down[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\gw[1].js 6386 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\gw[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[1].js 344 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[2].js 648 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[3].js 289 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[5].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ptj[6].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\3847136[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\XFdBK4gdYcA&hl=en&fs=1&enablejsapi=1&playerapiid=unrulyVideoPlayer[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[10].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[3].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[4].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[5].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[6].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[7].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[8].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\__utm[9].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[1].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[2].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[3].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[4].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[5].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Smart3Handler[6].ashx 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\77143[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[5].js 2437 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[6].js 338 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[7].js 1254 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[8].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[9].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ttj[1].js 937 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\tvg-in-stream[1].js 1254 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\tvg-in-stream[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\tvg15[1].js 1270 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\tvg[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\tvg[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\usersync[1].js 154 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939481388[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939481390[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939482627[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939482627[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939482627[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ADTECH;loc=100;target=_blank;misc=1328939482627[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ad[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ad[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\bullet[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\imp[4].js 989 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0LPQOSVK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\133Q3OH0.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1EWQ37MM.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1NH67F0K.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1Y948N62.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\31A5QQCV.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4DEV3FEN.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4FWHD04I.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\J2RL2DKE.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JFUB56QG.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L04UD7SD.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L1RQZ3X0.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\N0FP1E8O.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NPYV7CPP.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NR2QM4BF.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E1R79KZQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EZXDLBM8.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FSCJLS3N.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FVENB2L9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\G2LI369L.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GQJ3EXXC.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H7BJ0Z22.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PUG36XQW.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q1WUHQNK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S794ZWHR.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TJ2NDUSC.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TV8AQTUI.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UHMU7RRQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VJ0XV2N1.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W1IMM3JH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XW23U1VX.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y9ELJ2BH.txt 239 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YS4YYGCG.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZB43CDAQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6WXQEI9J.txt 288 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6ZNJ2S7J.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7OXKSIHR.txt 739 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\859PYI1I.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8LETU8TV.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\970X35GU.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9G0X5TKK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BY9310OB.txt 1533 bytes

---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 22:02:30
-----------------------------
22:02:30.323 OS Version: Windows x64 6.1.7601 Service Pack 1
22:02:30.323 Number of processors: 4 586 0x2A07
22:02:30.324 ComputerName: JON-PC UserName: Jon
22:02:32.476 Initialize success
22:03:06.777 AVAST engine defs: 12021001
22:03:26.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:03:26.629 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
22:03:26.634 Device \Driver\iaStor -> MajorFunction fffffa80083dc5c4
22:03:26.640 Disk 0 MBR read successfully
22:03:26.645 Disk 0 MBR scan
22:03:26.653 Disk 0 Windows VISTA default MBR code
22:03:26.694 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:03:26.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 593519 MB offset 3074048
22:03:26.746 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15460 MB offset 1218600960
22:03:26.754 Service scanning
22:03:28.619 Modules scanning
22:03:28.629 Disk 0 trace - called modules:
22:03:28.644 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80083dc5c4]<<hal.dll
22:03:28.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7060]
22:03:29.010 3 CLASSPNP.SYS[fffff8800188c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007bb6060]
22:03:29.023 5 thpdrv.sys[fffff88001daa2b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d09050]
22:03:29.035 \Driver\iaStor[0xfffffa80083ee7e0] -> IRP_MJ_CREATE -> 0xfffffa80083dc5c4
22:03:30.768 AVAST engine scan C:\windows
22:03:33.412 AVAST engine scan C:\windows\system32
22:05:28.697 AVAST engine scan C:\windows\system32\drivers
22:05:40.179 AVAST engine scan C:\Users\Jon
22:10:19.435 AVAST engine scan C:\ProgramData
22:10:51.007 File: C:\ProgramData\Microsoft\Windows\DRM\C7B5.tmp **INFECTED** Win32:Malware-gen
22:10:51.059 File: C:\ProgramData\Microsoft\Windows\DRM\C7B6.tmp **INFECTED** Win32:Malware-gen
22:11:18.811 Scan finished successfully
22:12:21.617 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"
22:12:21.623 The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"

#4 narenxp

Posted 11 February 2012 - 02:36 AM

Run TDSSKiller once again.

Select DELETE for TDSSfilesystem (do not skip it).

Restart the PC.

Run aswMBR once again and post the log.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 narenxp

Posted 11 February 2012 - 02:38 AM

EDIT..

Edited by narenxp, 11 February 2012 - 02:40 AM.


#6 Jmg90300zx

Posted 11 February 2012 - 03:38 AM

Here we go:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 23:54:35
-----------------------------
23:54:35.680 OS Version: Windows x64 6.1.7601 Service Pack 1
23:54:35.680 Number of processors: 4 586 0x2A07
23:54:35.680 ComputerName: JON-PC UserName: Jon
23:54:37.505 Initialize success
23:54:41.343 AVAST engine defs: 12021001
23:54:42.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:54:42.731 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
23:54:42.763 Disk 0 MBR read successfully
23:54:42.763 Disk 0 MBR scan
23:54:42.778 Disk 0 Windows VISTA default MBR code
23:54:42.778 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:54:42.794 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 593519 MB offset 3074048
23:54:42.825 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15460 MB offset 1218600960
23:54:42.841 Service scanning
23:54:44.557 Modules scanning
23:54:44.557 Disk 0 trace - called modules:
23:54:44.619 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys
23:54:44.635 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7060]
23:54:44.650 3 CLASSPNP.SYS[fffff88001ba543f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007bb6060]
23:54:44.666 5 thpdrv.sys[fffff88001fe02b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d0d050]
23:54:45.867 AVAST engine scan C:\windows
23:54:48.129 AVAST engine scan C:\windows\system32
23:56:55.746 AVAST engine scan C:\windows\system32\drivers
23:57:11.564 AVAST engine scan C:\Users\Jon
00:00:08.066 AVAST engine scan C:\ProgramData
00:00:40.328 File: C:\ProgramData\Microsoft\Windows\DRM\C7B5.tmp **INFECTED** Win32:Malware-gen
00:00:40.390 File: C:\ProgramData\Microsoft\Windows\DRM\C7B6.tmp **INFECTED** Win32:Malware-gen
00:01:03.447 Scan finished successfully
00:01:18.953 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"
00:01:18.953 The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"


ESET

C:\ProgramData\Microsoft\Windows\DRM\C7B5.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\C7B6.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

Minitoolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jon (administrator) on 11-02-2012 at 00:37:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jon-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-67-24-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-93-1B-05
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-93-1B-05
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : DC-0E-A1-3C-B9-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-93-1B-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2c71:33a1:1835:6fd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 10, 2012 11:49:17 PM
Lease Expires . . . . . . . . . . : Saturday, February 11, 2012 9:14:33 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239084994
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-95-9D-03-40-25-C2-93-1B-04
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D4892B28-4590-45F9-BF28-050364412199}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c9f:fb4:b3ea:9fb5(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c9f:fb4:b3ea:9fb5%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.51
74.125.224.48
74.125.224.50
74.125.224.49
74.125.224.52


Pinging google.com [74.125.224.48] with 32 bytes of data:
Reply from 74.125.224.48: bytes=32 time=20ms TTL=55
Reply from 74.125.224.48: bytes=32 time=21ms TTL=55

Ping statistics for 74.125.224.48:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=61ms TTL=50
Reply from 209.191.122.70: bytes=32 time=63ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 61ms, Maximum = 63ms, Average = 62ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
16...64 d4 da 67 24 2f ......Intel® Centrino® WiMAX 6150
15...40 25 c2 93 1b 05 ......Microsoft Virtual WiFi Miniport Adapter #2
14...40 25 c2 93 1b 05 ......Microsoft Virtual WiFi Miniport Adapter
12...dc 0e a1 3c b9 10 ......Realtek PCIe FE Family Controller
11...40 25 c2 93 1b 04 ......Intel® Centrino® Wireless-N 6150
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.10 281
192.168.1.10 255.255.255.255 On-link 192.168.1.10 281
192.168.1.255 255.255.255.255 On-link 192.168.1.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.10 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:1c9f:fb4:b3ea:9fb5/128
On-link
11 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::1c9f:fb4:b3ea:9fb5/128
On-link
11 281 fe80::2c71:33a1:1835:6fd/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2012 00:33:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/10/2012 09:15:57 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/10/2012 09:15:48 PM) (Source: DCOM) (User: Jon)
Description: machine-defaultLocalActivation{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}{A97CA128-6998-4F8E-807E-8ED05FADAFB0}Jon-PCJonS-1-5-21-2943902557-3888213813-2589424184-1000LocalHost (Using LRPC)

Error: (02/10/2012 08:04:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (02/10/2012 08:04:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (02/10/2012 07:39:03 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/10/2012 03:58:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2620712).

Error: (02/09/2012 07:22:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service hung on starting.


Microsoft Office Sessions:
=========================
Error: (02/11/2012 00:33:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/11/2012 00:33:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (10.1.2) MUI (Version: 10.1.2)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Best Buy Connect (Version: 3.00.68)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (Version: 3.2.420.5)
Bonjour (Version: 3.0.0.10)
Corel WinDVD (Version: 10.0.6.100)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Google Chrome (Version: 12.0.742.100)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2430)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® WiDi (Version: 2.1.41.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Internet Security (Version: 19.5.0.145)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Siglos Karaoke Player/Recorder
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
Toshiba Book Place (Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.37C)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.5)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.2001)
TOSHIBA Service Station (Version: 2.2.12)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.7.06-A)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.5)
TOSHIBARegistration (Version: 1.0.6)
Utility Common Driver (Version: 1.0.52.3C)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 16.0 (Version: 16.0.9715)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 6050.69 MB
Available physical RAM: 3467.62 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 9457.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.05 MB

========================= Partitions: =====================================

1 Drive c: (TI106230W0C) (Fixed) (Total:579.61 GB) (Free:540.08 GB) NTFS

========================= Users: ========================================

User accounts for \\JON-PC

Administrator Guest Jon


**** End of log ****

#7 narenxp

Posted 11 February 2012 - 07:14 AM

Download

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

Double-click MBRCheck.exe.

It will show a black screen with some information, which will contain the line below if no problem is found:

Press ENTER to exit...

Or, if a problem is found, you will see more information like the lines below:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Just choose to exit the program at this point, since we want to see only the scan results to begin with.
MBRCheck will create a log on the desktop. Post the log result.

Edited by narenxp, 11 February 2012 - 07:16 AM.


#8 Jmg90300zx

Posted 11 February 2012 - 03:13 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite P745
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 215):
0x02E07000 \SystemRoot\system32\ntoskrnl.exe
0x033F0000 \SystemRoot\system32\hal.dll
0x00B9D000 \SystemRoot\system32\kdcom.dll
0x00C4A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C99000 \SystemRoot\system32\PSHED.dll
0x00CAD000 \SystemRoot\system32\CLFS.SYS
0x00D0B000 \SystemRoot\system32\CI.dll
0x00E6A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F0E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F1D000 \SystemRoot\system32\drivers\ACPI.sys
0x00F74000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F7D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F87000 \SystemRoot\system32\drivers\pci.sys
0x00FBA000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FC7000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x00FD6000 \SystemRoot\System32\drivers\partmgr.sys
0x00FEB000 \SystemRoot\system32\drivers\compbatt.sys
0x00FF4000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E00000 \SystemRoot\system32\drivers\volmgr.sys
0x010DA000 \SystemRoot\System32\drivers\volmgrx.sys
0x01136000 \SystemRoot\System32\drivers\mountmgr.sys
0x01150000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01157000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01231000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01385000 \SystemRoot\system32\drivers\atapi.sys
0x0138E000 \SystemRoot\system32\drivers\ataport.SYS
0x013B8000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013C3000 \SystemRoot\system32\drivers\amdxata.sys
0x01167000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
0x013CE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01420000 \SystemRoot\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
0x01654000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01531000 \SystemRoot\System32\Drivers\msrpc.sys
0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys
0x018BD000 \SystemRoot\System32\Drivers\cng.sys
0x0192F000 \SystemRoot\System32\drivers\pcw.sys
0x01940000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01AB1000 \SystemRoot\system32\drivers\ndis.sys
0x01A00000 \SystemRoot\system32\drivers\NETIO.SYS
0x01A60000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01CC2000 \SystemRoot\System32\drivers\tcpip.sys
0x01EC6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01F10000 \SystemRoot\system32\drivers\volsnap.sys
0x01F5C000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01F61000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01FDB000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01FDD000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x01FE9000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C3A000 \SystemRoot\System32\Drivers\mup.sys
0x01C4C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01C55000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01C8F000 \SystemRoot\system32\drivers\disk.sys
0x01BA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x04600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0462A000 \SystemRoot\system32\drivers\NISx64\1305000.091\ccSetx64.sys
0x0194A000 \SystemRoot\system32\drivers\NISx64\1305000.091\Ironx64.SYS
0x04658000 \SystemRoot\System32\Drivers\Null.SYS
0x04661000 \SystemRoot\System32\Drivers\Beep.SYS
0x04668000 \SystemRoot\System32\drivers\vga.sys
0x01BD4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x047E8000 \SystemRoot\System32\drivers\watchdog.sys
0x04676000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01CB3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01FF1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01A8B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01A96000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0197B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0199D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01800000 \SystemRoot\system32\drivers\afd.sys
0x019AA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01AA7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01889000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0161B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x019EF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01631000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0158F000 \SystemRoot\system32\drivers\termdd.sys
0x044BB000 \SystemRoot\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
0x04527000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
0x0455F000 \SystemRoot\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
0x04574000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x045C5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x045D1000 \SystemRoot\system32\drivers\mssmbios.sys
0x04400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSvia64.sys
0x04A8A000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04B03000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04B29000 \SystemRoot\System32\drivers\discache.sys
0x04B38000 \SystemRoot\System32\Drivers\dfsc.sys
0x04B56000 \SystemRoot\system32\drivers\blbdrive.sys
0x04E11000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
0x04F30000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x05C34000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04854000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04948000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0498E000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0499F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04F56000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x049B0000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04B67000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x06A9F000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x07321000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0735C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x0738B000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x073BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x073BE000 \SystemRoot\system32\drivers\CmBatt.sys
0x073C3000 \SystemRoot\system32\drivers\i8042prt.sys
0x03248000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x033A7000 \SystemRoot\system32\drivers\mouclass.sys
0x033B6000 \SystemRoot\system32\DRIVERS\CeKbFilter.sys
0x033C1000 \SystemRoot\system32\drivers\kbdclass.sys
0x033D0000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x033DA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x033E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03200000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x03207000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03217000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0322D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06A24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06A53000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06A6E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x073E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03239000 \SystemRoot\system32\drivers\swenum.sys
0x04800000 \SystemRoot\system32\drivers\ks.sys
0x0323B000 \SystemRoot\system32\DRIVERS\iwdbus.sys
0x049D4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04FAC000 \SystemRoot\system32\DRIVERS\bpenum.sys
0x04A00000 \SystemRoot\system32\drivers\usbhub.sys
0x049E6000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x067DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x08A39000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x08CD4000 \SystemRoot\system32\drivers\portcls.sys
0x08D11000 \SystemRoot\system32\drivers\drmk.sys
0x08D33000 \SystemRoot\system32\drivers\ksthunk.sys
0x08D39000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x08D8C000 \SystemRoot\System32\Drivers\bpusb.sys
0x08DA7000 \SystemRoot\system32\DRIVERS\bpmp.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x08DD9000 \SystemRoot\System32\drivers\Dxapi.sys
0x08A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x08A1D000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x08A25000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0467F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x08DE5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06A8F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x04A5A000 \SystemRoot\system32\drivers\luafv.sys
0x04BCE000 \SystemRoot\system32\drivers\WudfPf.sys
0x04FE6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x015A3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0447D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04490000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02E59000 \SystemRoot\system32\drivers\HTTP.sys
0x02F22000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02F40000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02F58000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02F85000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02FD3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04030000 \SystemRoot\system32\drivers\peauth.sys
0x040D6000 \??\C:\windows\system32\drivers\regi.sys
0x040DE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x040E9000 \SystemRoot\System32\DRIVERS\srvnet.sys

Processes (total 101):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6475GSX, Rev: GT001M

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

#9 narenxp

Posted 11 February 2012 - 05:49 PM

That looks good


Download TFC.

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Uninstall your Java update from Add or Remove Programs and download the latest from here:

http://www.java.com/en/

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#10 Jmg90300zx

Posted 11 February 2012 - 07:35 PM

Thank you so much for your help!

I have done all and the computer seems to be running like it should again!

I was running Norton Internet Security and the computer was two days old. It didn't catch the issue and the definitions were up to date.

Any recommendations on better virus software instead of Norton?

Thanks!

#11 narenxp

Posted 11 February 2012 - 09:00 PM

I would recommend Avira. There is no antivirus which can detect all infections. I would recommend that you scan with MBAM and SUPERAntiSpyware frequently.

Good luck.

#12 Jmg90300zx

Posted 12 February 2012 - 03:39 PM

Thanks! I may have spoken too soon. Malwarebytes keeps coming up with a popup on the bottom right indicating that it keeps blocking IP addresses. Seems something fishy is still going on.

Any thoughts?

#13 narenxp

Posted 12 February 2012 - 04:05 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Launch Malwarebytes.

Click on the LOGS tab.

Open the protection log and post the contents here.

Edited by narenxp, 12 February 2012 - 04:06 PM.


#14 Jmg90300zx

Posted 12 February 2012 - 04:21 PM

13:10:10.0827 3620 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:10:12.0832 3620 ============================================================
13:10:12.0832 3620 Current date / time: 2012/02/12 13:10:12.0832
13:10:12.0832 3620 SystemInfo:
13:10:12.0832 3620
13:10:12.0832 3620 OS Version: 6.1.7601 ServicePack: 1.0
13:10:12.0832 3620 Product type: Workstation
13:10:12.0832 3620 ComputerName: JON-PC
13:10:12.0833 3620 UserName: Jon
13:10:12.0833 3620 Windows directory: C:\windows
13:10:12.0833 3620 System windows directory: C:\windows
13:10:12.0833 3620 Running under WOW64
13:10:12.0833 3620 Processor architecture: Intel x64
13:10:12.0833 3620 Number of processors: 4
13:10:12.0833 3620 Page size: 0x1000
13:10:12.0833 3620 Boot type: Normal boot
13:10:12.0833 3620 ============================================================
13:10:13.0620 3620 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:10:13.0633 3620 \Device\Harddisk0\DR0:
13:10:13.0633 3620 MBR used
13:10:13.0633 3620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48737800
13:10:13.0661 3620 Initialize success
13:10:13.0661 3620 ============================================================
13:10:20.0790 2032 ============================================================
13:10:20.0791 2032 Scan started
13:10:20.0791 2032 Mode: Manual; TDLFS;
13:10:20.0791 2032 ============================================================
13:11:32.0663 2032 RasPppoe - ok
13:11:33.0040 2032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:11:33.0044 2032 RasSstp - ok
13:11:33.0452 2032 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:11:33.0460 2032 rdbss - ok
13:11:33.0837 2032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
13:11:33.0840 2032 rdpbus - ok
13:11:34.0203 2032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:11:34.0205 2032 RDPCDD - ok
13:11:34.0637 2032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:11:34.0638 2032 RDPENCDD - ok
13:11:35.0048 2032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:11:35.0049 2032 RDPREFMP - ok
13:11:35.0419 2032 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
13:11:35.0426 2032 RDPWD - ok
13:11:35.0812 2032 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:11:35.0819 2032 rdyboost - ok
13:11:36.0177 2032 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
13:11:36.0180 2032 regi - ok
13:11:36.0672 2032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:11:36.0676 2032 rspndr - ok
13:11:37.0047 2032 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
13:11:37.0083 2032 RTL8167 - ok
13:11:37.0474 2032 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:11:37.0479 2032 sbp2port - ok
13:11:37.0841 2032 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:11:37.0844 2032 scfilter - ok
13:11:38.0205 2032 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
13:11:38.0210 2032 sdbus - ok
13:11:38.0560 2032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:11:38.0563 2032 secdrv - ok
13:11:38.0939 2032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
13:11:38.0942 2032 Serenum - ok
13:11:39.0319 2032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
13:11:39.0324 2032 Serial - ok
13:11:39.0697 2032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
13:11:39.0701 2032 sermouse - ok
13:11:40.0075 2032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:11:40.0078 2032 sffdisk - ok
13:11:40.0464 2032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:11:40.0468 2032 sffp_mmc - ok
13:11:40.0831 2032 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:11:40.0835 2032 sffp_sd - ok
13:11:41.0209 2032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
13:11:41.0213 2032 sfloppy - ok
13:11:41.0655 2032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
13:11:41.0659 2032 SiSRaid2 - ok
13:11:42.0024 2032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
13:11:42.0029 2032 SiSRaid4 - ok
13:11:42.0415 2032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:11:42.0420 2032 Smb - ok
13:11:42.0848 2032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:11:42.0851 2032 spldr - ok
13:11:43.0307 2032 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
13:11:43.0361 2032 SRTSP - ok
13:11:43.0760 2032 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
13:11:43.0796 2032 SRTSPX - ok
13:11:44.0194 2032 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:11:44.0241 2032 srv - ok
13:11:44.0643 2032 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:11:44.0688 2032 srv2 - ok
13:11:45.0075 2032 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:11:45.0096 2032 srvnet - ok
13:11:45.0529 2032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
13:11:45.0532 2032 stexstor - ok
13:11:45.0912 2032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
13:11:45.0914 2032 swenum - ok
13:11:46.0316 2032 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
13:11:46.0366 2032 SymDS - ok
13:11:46.0786 2032 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
13:11:46.0841 2032 SymEFA - ok
13:11:47.0218 2032 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
13:11:47.0241 2032 SymEvent - ok
13:11:47.0643 2032 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
13:11:47.0680 2032 SymIRON - ok
13:11:48.0087 2032 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
13:11:48.0144 2032 SymNetS - ok
13:11:48.0744 2032 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
13:11:48.0792 2032 SynTP - ok
13:11:49.0478 2032 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
13:11:49.0675 2032 Tcpip - ok
13:11:50.0207 2032 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
13:11:50.0216 2032 TCPIP6 - ok
13:11:50.0741 2032 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:11:50.0745 2032 tcpipreg - ok
13:11:51.0220 2032 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:11:51.0223 2032 tdcmdpst - ok
13:11:51.0686 2032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:11:51.0695 2032 TDPIPE - ok
13:11:52.0131 2032 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:11:52.0151 2032 TDTCP - ok
13:11:52.0590 2032 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:11:52.0614 2032 tdx - ok
13:11:53.0080 2032 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
13:11:53.0083 2032 TermDD - ok
13:11:53.0644 2032 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys
13:11:53.0674 2032 Thpdrv - ok
13:11:54.0168 2032 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
13:11:54.0171 2032 Thpevm - ok
13:11:54.0743 2032 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:11:54.0763 2032 tos_sps64 - ok
13:11:55.0190 2032 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:11:55.0202 2032 tssecsrv - ok
13:11:55.0745 2032 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:11:55.0759 2032 TsUsbFlt - ok
13:11:56.0312 2032 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
13:11:56.0316 2032 TsUsbGD - ok
13:11:56.0852 2032 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:11:56.0873 2032 tunnel - ok
13:11:57.0496 2032 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:11:57.0499 2032 TVALZ - ok
13:11:58.0042 2032 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:11:58.0045 2032 TVALZFL - ok
13:11:58.0555 2032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
13:11:58.0585 2032 uagp35 - ok
13:11:59.0132 2032 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
13:11:59.0144 2032 udfs - ok
13:11:59.0741 2032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
13:11:59.0745 2032 uliagpkx - ok
13:12:00.0320 2032 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
13:12:00.0349 2032 umbus - ok
13:12:00.0808 2032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
13:12:00.0824 2032 UmPass - ok
13:12:01.0325 2032 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
13:12:01.0363 2032 usbccgp - ok
13:12:01.0839 2032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
13:12:01.0851 2032 usbcir - ok
13:12:02.0306 2032 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
13:12:02.0339 2032 usbehci - ok
13:12:02.0823 2032 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
13:12:02.0864 2032 usbhub - ok
13:12:03.0286 2032 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
13:12:03.0351 2032 usbohci - ok
13:12:03.0829 2032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
13:12:03.0843 2032 usbprint - ok
13:12:04.0321 2032 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:12:04.0385 2032 USBSTOR - ok
13:12:04.0788 2032 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:12:04.0824 2032 usbuhci - ok
13:12:05.0262 2032 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
13:12:05.0272 2032 usbvideo - ok
13:12:05.0722 2032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:12:05.0725 2032 vdrvroot - ok
13:12:06.0168 2032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:12:06.0172 2032 vga - ok
13:12:06.0534 2032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:12:06.0537 2032 VgaSave - ok
13:12:06.0920 2032 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:12:06.0928 2032 vhdmp - ok
13:12:07.0520 2032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:12:07.0547 2032 viaide - ok
13:12:08.0081 2032 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:12:08.0113 2032 volmgr - ok
13:12:08.0561 2032 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:12:08.0570 2032 volmgrx - ok
13:12:09.0078 2032 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
13:12:09.0118 2032 volsnap - ok
13:12:09.0637 2032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
13:12:09.0654 2032 vsmraid - ok
13:12:10.0091 2032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:12:10.0104 2032 vwifibus - ok
13:12:10.0570 2032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:12:10.0599 2032 vwififlt - ok
13:12:11.0036 2032 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
13:12:11.0044 2032 vwifimp - ok
13:12:11.0592 2032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
13:12:11.0610 2032 WacomPen - ok
13:12:12.0051 2032 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:12:12.0080 2032 WANARP - ok
13:12:12.0099 2032 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:12:12.0101 2032 Wanarpv6 - ok
13:12:12.0685 2032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
13:12:12.0704 2032 Wd - ok
13:12:13.0192 2032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:12:13.0207 2032 Wdf01000 - ok
13:12:13.0683 2032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:12:13.0713 2032 WfpLwf - ok
13:12:14.0228 2032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:12:14.0243 2032 WIMMount - ok
13:12:14.0828 2032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
13:12:14.0850 2032 WmiAcpi - ok
13:12:15.0340 2032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:12:15.0347 2032 ws2ifsl - ok
13:12:15.0765 2032 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:12:15.0777 2032 WudfPf - ok
13:12:16.0412 2032 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:12:16.0419 2032 WUDFRd - ok
13:12:16.0516 2032 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:12:16.0771 2032 \Device\Harddisk0\DR0 - ok
13:12:16.0810 2032 Boot (0x1200) (2410d28dc9439690f8eb468db187ae40) \Device\Harddisk0\DR0\Partition0
13:12:16.0813 2032 \Device\Harddisk0\DR0\Partition0 - ok
13:12:16.0814 2032 ============================================================
13:12:16.0814 2032 Scan finished
13:12:16.0814 2032 ============================================================
13:12:16.0833 4756 Detected object count: 0
13:12:16.0833 4756 Actual detected object count: 0
13:12:44.0221 5800 Deinitialize success

2012/02/12 12:35:13 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49552, Process: chrome.exe)
2012/02/12 12:35:13 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49553, Process: chrome.exe)
2012/02/12 12:39:40 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49811, Process: chrome.exe)
2012/02/12 12:39:40 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49812, Process: chrome.exe)
2012/02/12 12:39:40 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49814, Process: chrome.exe)
2012/02/12 12:39:40 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49819, Process: chrome.exe)
2012/02/12 12:39:40 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49821, Process: chrome.exe)
2012/02/12 12:44:38 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49879, Process: chrome.exe)
2012/02/12 12:44:38 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49880, Process: chrome.exe)
2012/02/12 12:44:38 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49890, Process: chrome.exe)
2012/02/12 12:45:35 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49938, Process: chrome.exe)
2012/02/12 12:45:35 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49939, Process: chrome.exe)
2012/02/12 12:45:35 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49940, Process: chrome.exe)
2012/02/12 12:45:35 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49941, Process: chrome.exe)
2012/02/12 12:45:59 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49974, Process: chrome.exe)
2012/02/12 12:45:59 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49975, Process: chrome.exe)
2012/02/12 12:46:07 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50018, Process: chrome.exe)
2012/02/12 12:46:07 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50020, Process: chrome.exe)
2012/02/12 12:46:07 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50021, Process: chrome.exe)
2012/02/12 12:46:07 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50022, Process: chrome.exe)
2012/02/12 12:48:48 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50103, Process: chrome.exe)
2012/02/12 12:48:48 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50104, Process: chrome.exe)
2012/02/12 12:48:48 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50109, Process: chrome.exe)
2012/02/12 12:50:33 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50166, Process: chrome.exe)
2012/02/12 12:50:33 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50167, Process: chrome.exe)
2012/02/12 12:50:33 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50172, Process: chrome.exe)
2012/02/12 12:52:51 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50230, Process: chrome.exe)
2012/02/12 12:52:51 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50231, Process: chrome.exe)
2012/02/12 12:52:51 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50235, Process: chrome.exe)
2012/02/12 12:53:39 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50251, Process: chrome.exe)
2012/02/12 12:53:39 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50253, Process: chrome.exe)
2012/02/12 12:53:39 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50258, Process: chrome.exe)
2012/02/12 12:53:39 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50261, Process: chrome.exe)
2012/02/12 12:54:19 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50290, Process: chrome.exe)
2012/02/12 12:54:19 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50291, Process: chrome.exe)
2012/02/12 12:54:19 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50293, Process: chrome.exe)
2012/02/12 12:54:19 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50297, Process: chrome.exe)
2012/02/12 12:55:08 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50384, Process: chrome.exe)
2012/02/12 12:55:08 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50385, Process: chrome.exe)
2012/02/12 12:55:08 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50388, Process: chrome.exe)
2012/02/12 12:58:13 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50413, Process: chrome.exe)
2012/02/12 12:58:13 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50414, Process: chrome.exe)
2012/02/12 12:58:13 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50418, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50455, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50456, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50457, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50486, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50493, Process: chrome.exe)
2012/02/12 12:59:18 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50494, Process: chrome.exe)
2012/02/12 12:59:26 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50506, Process: chrome.exe)
2012/02/12 12:59:26 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50507, Process: chrome.exe)
2012/02/12 12:59:50 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50540, Process: chrome.exe)
2012/02/12 12:59:50 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50543, Process: chrome.exe)
2012/02/12 12:59:50 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 50544, Process: chrome.exe)
2012/02/12 13:08:06 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/12 13:08:09 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/12 13:08:12 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/12 13:08:12 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/12 13:08:38 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49205, Process: chrome.exe)
2012/02/12 13:17:21 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/12 13:17:23 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/12 13:17:26 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/12 13:17:27 -0800 JON-PC Jon MESSAGE IP Protection started successfully

2012/02/11 00:56:37 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49697, Process: chrome.exe)
2012/02/11 00:56:37 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49706, Process: chrome.exe)
2012/02/11 00:56:37 -0800 JON-PC Jon IP-BLOCK 88.85.66.122 (Type: outgoing, Port: 49714, Process: chrome.exe)
2012/02/11 02:52:19 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/02/11 12:13:10 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/02/11 12:35:50 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/11 12:35:52 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/11 12:35:55 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/11 12:35:56 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/11 12:40:07 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/02/11 12:40:07 -0800 JON-PC Jon DETECTION c:\windows\svchost.exe Trojan.Agent DENY
2012/02/11 12:41:10 -0800 JON-PC Jon DETECTION c:\windows\svchost.exe Trojan.Agent DENY
2012/02/11 13:00:35 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/11 13:00:38 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/11 13:00:41 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/11 13:00:42 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/11 16:17:02 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/11 16:17:04 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/11 16:17:07 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/11 16:17:08 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/11 16:27:20 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/11 16:27:23 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/11 16:27:26 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/11 16:27:27 -0800 JON-PC Jon MESSAGE IP Protection started successfully


2012/02/10 21:09:12 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/10 21:09:13 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/10 21:09:16 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/10 21:09:19 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/10 21:09:41 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 52023, Process: svchost.exe)
2012/02/10 21:11:42 -0800 JON-PC Jon IP-BLOCK 141.136.16.78 (Type: outgoing, Port: 52034, Process: svchost.exe)
2012/02/10 21:15:18 -0800 JON-PC Jon MESSAGE Executing scheduled update: Daily
2012/02/10 21:15:19 -0800 JON-PC Jon MESSAGE Database already up-to-date
2012/02/10 21:15:22 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/10 21:15:25 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/10 21:15:28 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/10 21:15:28 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/10 21:16:09 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 49178, Process: svchost.exe)
2012/02/10 21:18:20 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 49323, Process: svchost.exe)
2012/02/10 21:20:23 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 49374, Process: svchost.exe)
2012/02/10 21:22:33 -0800 JON-PC Jon IP-BLOCK 141.136.16.78 (Type: outgoing, Port: 49492, Process: svchost.exe)
2012/02/10 21:24:43 -0800 JON-PC Jon IP-BLOCK 141.136.16.78 (Type: outgoing, Port: 49596, Process: svchost.exe)
2012/02/10 21:46:36 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50045, Process: svchost.exe)
2012/02/10 21:46:36 -0800 JON-PC Jon IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50047, Process: svchost.exe)
2012/02/10 21:46:36 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50049, Process: svchost.exe)
2012/02/10 21:46:44 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50053, Process: svchost.exe)
2012/02/10 21:46:44 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50058, Process: svchost.exe)
2012/02/10 21:47:01 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50073, Process: svchost.exe)
2012/02/10 21:47:01 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50113, Process: svchost.exe)
2012/02/10 21:52:00 -0800 JON-PC Jon IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 51219, Process: svchost.exe)
2012/02/10 21:52:33 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51305, Process: svchost.exe)
2012/02/10 21:53:05 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51473, Process: svchost.exe)
2012/02/10 21:53:29 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51679, Process: svchost.exe)
2012/02/10 21:53:38 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51691, Process: svchost.exe)
2012/02/10 21:53:46 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51694, Process: svchost.exe)
2012/02/10 21:53:46 -0800 JON-PC Jon IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51697, Process: svchost.exe)
2012/02/10 21:54:10 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51750, Process: svchost.exe)
2012/02/10 21:59:58 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52459, Process: svchost.exe)
2012/02/10 21:59:58 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52462, Process: svchost.exe)
2012/02/10 21:59:58 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52469, Process: svchost.exe)
2012/02/10 22:00:06 -0800 JON-PC Jon IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 52583, Process: svchost.exe)
2012/02/10 22:00:14 -0800 JON-PC Jon IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52603, Process: svchost.exe)
2012/02/10 22:00:22 -0800 JON-PC Jon IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 52605, Process: svchost.exe)
2012/02/10 22:26:41 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 52958, Process: svchost.exe)
2012/02/10 22:28:42 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 52998, Process: svchost.exe)
2012/02/10 22:30:52 -0800 JON-PC Jon IP-BLOCK 141.136.16.77 (Type: outgoing, Port: 53033, Process: svchost.exe)
2012/02/10 22:33:01 -0800 JON-PC Jon IP-BLOCK 141.136.16.78 (Type: outgoing, Port: 53075, Process: svchost.exe)
2012/02/10 22:35:03 -0800 JON-PC Jon IP-BLOCK 141.136.16.78 (Type: outgoing, Port: 53123, Process: svchost.exe)
2012/02/10 22:59:44 -0800 JON-PC Jon IP-BLOCK 88.214.193.251 (Type: outgoing, Port: 53726, Process: iexplore.exe)
2012/02/10 22:59:44 -0800 JON-PC Jon IP-BLOCK 88.214.193.251 (Type: outgoing, Port: 53727, Process: iexplore.exe)
2012/02/10 22:59:44 -0800 JON-PC Jon IP-BLOCK 88.214.193.251 (Type: outgoing, Port: 53730, Process: iexplore.exe)
2012/02/10 23:11:16 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/10 23:11:17 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/10 23:11:20 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/10 23:11:21 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/10 23:51:37 -0800 JON-PC Jon MESSAGE Starting protection
2012/02/10 23:51:39 -0800 JON-PC Jon MESSAGE Protection started successfully
2012/02/10 23:51:42 -0800 JON-PC Jon MESSAGE Starting IP protection
2012/02/10 23:51:43 -0800 JON-PC Jon MESSAGE IP Protection started successfully
2012/02/10 23:55:54 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/02/10 23:55:56 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/02/10 23:56:20 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/02/10 23:56:51 -0800 JON-PC Jon DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jon :: JON-PC [administrator]

Protection: Enabled

2/10/2012 9:09:38 PM
mbam-log-2012-02-10 (21-09-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180581
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4204 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#15 narenxp

Posted 12 February 2012 - 04:52 PM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know if it finds infections.

Restart the PC, then run Malwarebytes once again.



