
Redirected to abnow.com


5 replies to this topic

#1 GMZ956


Posted 12 March 2012 - 01:39 PM

Hello,
I've been having a problem getting redirected to a website, abnow.com. This happens whenever I try to click on any link from a search engine, like Yahoo or Google. This happens on all my browsers: IE, Google Chrome, Firefox. Also, I'm running Windows 7. It's really annoying and the only way for me around it is to copy and paste the link from the results into the URL bar. Your help is greatly appreciated. Thank you.



#2 narenxp

  • BC Advisor

Posted 12 March 2012 - 07:41 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Restart the PC and run TDSSKiller again to make sure it's clean.

Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 GMZ956

  • Topic Starter

Posted 13 March 2012 - 03:01 PM

Hello, Thank you for your help. Here are the 3 logs..

TDSS log


13:30:46.0003 2744 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
13:30:46.0498 2744 ============================================================
13:30:46.0499 2744 Current date / time: 2012/03/13 13:30:46.0498
13:30:46.0499 2744 SystemInfo:
13:30:46.0499 2744
13:30:46.0499 2744 OS Version: 6.1.7601 ServicePack: 1.0
13:30:46.0499 2744 Product type: Workstation
13:30:46.0499 2744 ComputerName: LIZGMZ
13:30:46.0499 2744 UserName: Gomez
13:30:46.0499 2744 Windows directory: C:\Windows
13:30:46.0500 2744 System windows directory: C:\Windows
13:30:46.0500 2744 Running under WOW64
13:30:46.0500 2744 Processor architecture: Intel x64
13:30:46.0500 2744 Number of processors: 2
13:30:46.0500 2744 Page size: 0x1000
13:30:46.0500 2744 Boot type: Normal boot
13:30:46.0500 2744 ============================================================
13:30:48.0709 2744 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:30:48.0729 2744 \Device\Harddisk0\DR0:
13:30:48.0729 2744 MBR used
13:30:48.0729 2744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x12B9000, BlocksNum 0x32000
13:30:48.0729 2744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12EB000, BlocksNum 0x241432B0
13:30:48.0749 2744 Initialize success
13:30:48.0749 2744 ============================================================
13:31:41.0117 4572 ============================================================
13:31:41.0117 4572 Scan started
13:31:41.0117 4572 Mode: Manual; TDLFS;
13:31:41.0117 4572 ============================================================
13:32:12.0398 4572 SymIRON - ok
13:32:12.0488 4572 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
13:32:12.0498 4572 SymNetS - ok
13:32:12.0648 4572 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:32:12.0718 4572 Tcpip - ok
13:32:12.0898 4572 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:12.0928 4572 TCPIP6 - ok
13:32:12.0978 4572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:32:12.0988 4572 tcpipreg - ok
13:32:13.0038 4572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:32:13.0038 4572 TDPIPE - ok
13:32:13.0078 4572 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:32:13.0078 4572 TDTCP - ok
13:32:13.0148 4572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:32:13.0158 4572 tdx - ok
13:32:13.0218 4572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:32:13.0218 4572 TermDD - ok
13:32:13.0438 4572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:13.0438 4572 tssecsrv - ok
13:32:13.0528 4572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:32:13.0528 4572 TsUsbFlt - ok
13:32:13.0618 4572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:13.0618 4572 tunnel - ok
13:32:13.0688 4572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:32:13.0688 4572 uagp35 - ok
13:32:13.0778 4572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:32:13.0788 4572 udfs - ok
13:32:13.0858 4572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:32:13.0858 4572 uliagpkx - ok
13:32:13.0928 4572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:32:13.0928 4572 umbus - ok
13:32:13.0978 4572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:32:13.0988 4572 UmPass - ok
13:32:14.0038 4572 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:32:14.0048 4572 USBAAPL64 - ok
13:32:14.0098 4572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:14.0108 4572 usbccgp - ok
13:32:14.0188 4572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:32:14.0188 4572 usbcir - ok
13:32:14.0228 4572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:32:14.0238 4572 usbehci - ok
13:32:14.0461 4572 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
13:32:14.0464 4572 usbfilter - ok
13:32:14.0556 4572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:32:14.0565 4572 usbhub - ok
13:32:14.0623 4572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:32:14.0626 4572 usbohci - ok
13:32:14.0672 4572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:32:14.0676 4572 usbprint - ok
13:32:14.0733 4572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:14.0738 4572 USBSTOR - ok
13:32:14.0789 4572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:32:14.0792 4572 usbuhci - ok
13:32:14.0875 4572 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:32:14.0881 4572 usbvideo - ok
13:32:15.0087 4572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:32:15.0091 4572 vdrvroot - ok
13:32:15.0211 4572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:15.0213 4572 vga - ok
13:32:15.0255 4572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:32:15.0257 4572 VgaSave - ok
13:32:15.0333 4572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:32:15.0337 4572 vhdmp - ok
13:32:15.0423 4572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:32:15.0423 4572 viaide - ok
13:32:15.0493 4572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:32:15.0493 4572 volmgr - ok
13:32:15.0543 4572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:32:15.0553 4572 volmgrx - ok
13:32:15.0633 4572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:32:15.0643 4572 volsnap - ok
13:32:15.0693 4572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:32:15.0693 4572 vsmraid - ok
13:32:15.0833 4572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:32:15.0833 4572 vwifibus - ok
13:32:15.0933 4572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:32:15.0933 4572 vwififlt - ok
13:32:16.0063 4572 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:32:16.0073 4572 vwifimp - ok
13:32:16.0143 4572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:32:16.0153 4572 WacomPen - ok
13:32:16.0243 4572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:16.0243 4572 WANARP - ok
13:32:16.0283 4572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:16.0293 4572 Wanarpv6 - ok
13:32:16.0565 4572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:32:16.0575 4572 Wd - ok
13:32:16.0695 4572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:32:16.0745 4572 Wdf01000 - ok
13:32:16.0895 4572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:16.0895 4572 WfpLwf - ok
13:32:16.0935 4572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:32:16.0935 4572 WIMMount - ok
13:32:17.0127 4572 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:17.0137 4572 WinUsb - ok
13:32:17.0277 4572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:32:17.0277 4572 WmiAcpi - ok
13:32:17.0377 4572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:17.0377 4572 ws2ifsl - ok
13:32:17.0467 4572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:32:17.0467 4572 WudfPf - ok
13:32:17.0517 4572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:17.0527 4572 WUDFRd - ok
13:32:17.0677 4572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:32:17.0997 4572 \Device\Harddisk0\DR0 - ok
13:32:17.0997 4572 Boot (0x1200) (9497a36ca63d686d988fe6631d6fb486) \Device\Harddisk0\DR0\Partition0
13:32:18.0007 4572 \Device\Harddisk0\DR0\Partition0 - ok
13:32:18.0067 4572 Boot (0x1200) (790c2340449151c291e662527dbea1e4) \Device\Harddisk0\DR0\Partition1
13:32:18.0067 4572 \Device\Harddisk0\DR0\Partition1 - ok
13:32:18.0067 4572 ============================================================
13:32:18.0077 4572 Scan finished
13:32:18.0077 4572 ============================================================
13:32:18.0107 5200 Detected object count: 0
13:32:18.0107 5200 Actual detected object count: 0
13:32:28.0834 5736 Deinitialize success



GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-13 14:31:50
Windows 6.1.7601 Service Pack 1
Running: qo4stcru.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fe70ca
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fe70ca (not active ControlSet)

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----



aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 14:35:16
-----------------------------
14:35:16.504 OS Version: Windows x64 6.1.7601 Service Pack 1
14:35:16.504 Number of processors: 2 586 0x603
14:35:16.504 ComputerName: LIZGMZ UserName: Gomez
14:35:19.593 Initialize success
14:37:03.964 AVAST engine defs: 12031300
14:37:15.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
14:37:15.212 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
14:37:15.240 Disk 0 MBR read successfully
14:37:15.247 Disk 0 MBR scan
14:37:15.256 Disk 0 Windows 7 default MBR code
14:37:15.264 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9584 MB offset 2048
14:37:15.286 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19632128
14:37:15.303 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295558 MB offset 19836928
14:37:15.340 Disk 0 scanning C:\Windows\system32\drivers
14:37:33.087 Service scanning
14:37:52.811 Service mskservice C:\Windows\system32\ctsfm2k.dll **INFECTED** Win64:Sirefef-E [Trj]
14:38:26.757 Modules scanning
14:38:26.776 Disk 0 trace - called modules:
14:38:26.834 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
14:38:26.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031b3430]
14:38:26.859 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80021d86a0]
14:38:26.872 5 amdxata.sys[fffff8800108a7a8] -> nt!IofCallDriver -> [0xfffffa800318e710]
14:38:26.884 7 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\00000061[0xfffffa800318b060]
14:38:29.930 AVAST engine scan C:\Windows
14:38:35.374 AVAST engine scan C:\Windows\system32
14:38:55.661 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
14:38:57.168 File: C:\Windows\system32\ctsfm2k.dll **INFECTED** Win64:Sirefef-E [Trj]
14:41:42.892 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:41:46.480 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:44:03.312 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
14:44:03.406 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
14:44:03.453 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
14:44:03.500 File: C:\Windows\assembly\tmp\U\000000cb.@ **INFECTED** Other:Malware-gen
14:44:03.546 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
14:44:03.609 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
14:44:03.718 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
14:44:03.765 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
14:44:03.827 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
14:44:03.874 File: C:\Windows\assembly\tmp\U\800000cb.@ **INFECTED** Win32:Malware-gen
14:44:03.936 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
14:44:03.968 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
14:44:04.030 File: C:\Windows\assembly\tmp\UCT45EMK\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll **SUSPICIOUS**
14:44:04.108 File: C:\Windows\assembly\tmp\UEIWLRR2\adodb.dll **SUSPICIOUS**
14:44:04.217 File: C:\Windows\assembly\tmp\UJDE20Y0\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll **SUSPICIOUS**
14:44:04.311 File: C:\Windows\assembly\tmp\UPB6F312\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll **SUSPICIOUS**
14:44:04.404 File: C:\Windows\assembly\tmp\VAB17CDU\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll **SUSPICIOUS**
14:44:04.482 File: C:\Windows\assembly\tmp\VRJGOYJX\Policy.11.0.Microsoft.Vbe.Interop.dll **SUSPICIOUS**
14:44:04.545 File: C:\Windows\assembly\tmp\VRJGOYJX\V4JOHTA9 **SUSPICIOUS**
14:44:04.607 File: C:\Windows\assembly\tmp\W8LFMFE8\Microsoft.Vbe.Interop.Forms.dll **SUSPICIOUS**
14:44:04.670 File: C:\Windows\assembly\tmp\XCDA4G9M\Microsoft.Office.Interop.Word.dll **SUSPICIOUS**
14:44:04.826 File: C:\Windows\assembly\tmp\Y6GH6RJD\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll **SUSPICIOUS**
14:44:04.904 File: C:\Windows\assembly\tmp\Y6GH6RJD\Q75OVUFC **SUSPICIOUS**
14:44:04.966 File: C:\Windows\assembly\tmp\YQNRI4QH\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll **SUSPICIOUS**
14:44:05.028 File: C:\Windows\assembly\tmp\ZJBX7Z9W\Policy.11.0.Office.dll **SUSPICIOUS**
14:44:05.122 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
14:44:07.602 AVAST engine scan C:\Windows\system32\drivers
14:44:36.167 AVAST engine scan C:\Users\Gomez
14:45:35.671 Disk 0 MBR has been saved successfully to "C:\Users\Gomez\Desktop\MBR.dat"
14:45:35.686 The log file has been saved successfully to "C:\Users\Gomez\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 14:35:16
-----------------------------
14:35:16.504 OS Version: Windows x64 6.1.7601 Service Pack 1
14:35:16.504 Number of processors: 2 586 0x603
14:35:16.504 ComputerName: LIZGMZ UserName: Gomez
14:35:19.593 Initialize success
14:37:03.964 AVAST engine defs: 12031300
14:37:15.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
14:37:15.212 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
14:37:15.240 Disk 0 MBR read successfully
14:37:15.247 Disk 0 MBR scan
14:37:15.256 Disk 0 Windows 7 default MBR code
14:37:15.264 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9584 MB offset 2048
14:37:15.286 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19632128
14:37:15.303 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295558 MB offset 19836928
14:37:15.340 Disk 0 scanning C:\Windows\system32\drivers
14:37:33.087 Service scanning
14:37:52.811 Service mskservice C:\Windows\system32\ctsfm2k.dll **INFECTED** Win64:Sirefef-E [Trj]
14:38:26.757 Modules scanning
14:38:26.776 Disk 0 trace - called modules:
14:38:26.834 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
14:38:26.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031b3430]
14:38:26.859 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80021d86a0]
14:38:26.872 5 amdxata.sys[fffff8800108a7a8] -> nt!IofCallDriver -> [0xfffffa800318e710]
14:38:26.884 7 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\00000061[0xfffffa800318b060]
14:38:29.930 AVAST engine scan C:\Windows
14:38:35.374 AVAST engine scan C:\Windows\system32
14:38:55.661 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
14:38:57.168 File: C:\Windows\system32\ctsfm2k.dll **INFECTED** Win64:Sirefef-E [Trj]
14:41:42.892 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:41:46.480 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:43:57.993 File: C:\Windows\assembly\tmp\09LHRGZG\extensibility.dll **SUSPICIOUS**
14:43:58.071 File: C:\Windows\assembly\tmp\0GCVTD8B\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll **SUSPICIOUS**
14:43:58.180 File: C:\Windows\assembly\tmp\1BU0IPJD\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll **SUSPICIOUS**
14:43:58.242 File: C:\Windows\assembly\tmp\1JLJ8RXX\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll **SUSPICIOUS**
14:43:58.336 File: C:\Windows\assembly\tmp\1TVR2W8T\Microsoft.Office.Tools.Outlook.v9.0.dll **SUSPICIOUS**
14:43:58.414 File: C:\Windows\assembly\tmp\24Y6FYOQ\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll **SUSPICIOUS**
14:43:58.508 File: C:\Windows\assembly\tmp\3FXPTMNF\Microsoft.Office.Tools.Word.v9.0.dll **SUSPICIOUS**
14:43:58.617 File: C:\Windows\assembly\tmp\3H9DJEB4\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll **SUSPICIOUS**
14:43:58.710 File: C:\Windows\assembly\tmp\3WHPJYDN\Policy.11.0.Microsoft.Office.Interop.Graph.dll **SUSPICIOUS**
14:43:58.773 File: C:\Windows\assembly\tmp\3WHPJYDN\ZYY1D3IJ **SUSPICIOUS**
14:43:58.804 File: C:\Windows\assembly\tmp\406DLA3A\stdole.dll **SUSPICIOUS**
14:43:58.866 File: C:\Windows\assembly\tmp\4LQZU0C8\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll **SUSPICIOUS**
14:43:58.944 File: C:\Windows\assembly\tmp\4MFZJFIE\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll **SUSPICIOUS**
14:43:59.022 File: C:\Windows\assembly\tmp\4WF0OCBQ\Policy.12.0.Microsoft.Office.Interop.PowerPoint.dll **SUSPICIOUS**
14:43:59.116 File: C:\Windows\assembly\tmp\4WF0OCBQ\PXEX8YSE **SUSPICIOUS**
14:43:59.194 File: C:\Windows\assembly\tmp\4ZA6SPQ3\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll **SUSPICIOUS**
14:43:59.272 File: C:\Windows\assembly\tmp\56S2IPA5\Microsoft.Office.Tools.v9.0.dll **SUSPICIOUS**
14:43:59.366 File: C:\Windows\assembly\tmp\590FAVNT\Microsoft.mshtml.dll **SUSPICIOUS**
14:43:59.428 File: C:\Windows\assembly\tmp\69A9OURS\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll **SUSPICIOUS**
14:43:59.522 File: C:\Windows\assembly\tmp\6GYRGC7B\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll **SUSPICIOUS**
14:43:59.615 File: C:\Windows\assembly\tmp\6IVMY7OU\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll **SUSPICIOUS**
14:43:59.693 File: C:\Windows\assembly\tmp\6IVMY7OU\U0EKYEG9 **SUSPICIOUS**
14:43:59.756 File: C:\Windows\assembly\tmp\6SWSLV31\Microsoft.Office.interop.access.dao.dll **SUSPICIOUS**
14:43:59.834 File: C:\Windows\assembly\tmp\72LTI1GD\Microsoft.Office.Interop.OneNote.dll **SUSPICIOUS**
14:43:59.896 File: C:\Windows\assembly\tmp\7F5N67S7\Microsoft.Office.Interop.SmartTag.dll **SUSPICIOUS**
14:43:59.974 File: C:\Windows\assembly\tmp\881OWPUT\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll **SUSPICIOUS**
14:44:00.083 File: C:\Windows\assembly\tmp\9134LQOO\Microsoft.Office.Interop.PowerPoint.dll **SUSPICIOUS**
14:44:00.192 File: C:\Windows\assembly\tmp\A36DKPQZ\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll **SUSPICIOUS**
14:44:00.286 File: C:\Windows\assembly\tmp\BFYM40PN\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll **SUSPICIOUS**
14:44:00.380 File: C:\Windows\assembly\tmp\DY990KHK\OFFICE.DLL **SUSPICIOUS**
14:44:00.520 File: C:\Windows\assembly\tmp\F9D8LGC8\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll **SUSPICIOUS**
14:44:00.614 File: C:\Windows\assembly\tmp\FAPNPT27\Policy.12.0.Office.dll **SUSPICIOUS**
14:44:00.692 File: C:\Windows\assembly\tmp\FTI8MEZM\Policy.12.0.Microsoft.Office.Interop.Graph.dll **SUSPICIOUS**
14:44:00.785 File: C:\Windows\assembly\tmp\G0913EPH\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll **SUSPICIOUS**
14:44:00.863 File: C:\Windows\assembly\tmp\GAJZ5936\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll **SUSPICIOUS**
14:44:00.957 File: C:\Windows\assembly\tmp\GLIL3BMD\Policy.11.0.Microsoft.Office.Interop.Excel.dll **SUSPICIOUS**
14:44:01.035 File: C:\Windows\assembly\tmp\GPMFFDKS\Microsoft.Office.Interop.Excel.dll **SUSPICIOUS**
14:44:01.316 File: C:\Windows\assembly\tmp\GSBIWYGF\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll **SUSPICIOUS**
14:44:01.440 File: C:\Windows\assembly\tmp\GZYNIK93\Microsoft.Vbe.Interop.dll **SUSPICIOUS**
14:44:01.534 File: C:\Windows\assembly\tmp\H789B592\Microsoft.stdformat.dll **SUSPICIOUS**
14:44:01.612 File: C:\Windows\assembly\tmp\HO4OPG5I\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll **SUSPICIOUS**
14:44:01.706 File: C:\Windows\assembly\tmp\HVFJKCDC\Microsoft.Office.Tools.Common.v9.0.dll **SUSPICIOUS**
14:44:01.830 File: C:\Windows\assembly\tmp\ILFF5728\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll **SUSPICIOUS**
14:44:01.955 File: C:\Windows\assembly\tmp\J5UDHGBB\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll **SUSPICIOUS**
14:44:02.049 File: C:\Windows\assembly\tmp\JKF5M2QZ\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll **SUSPICIOUS**
14:44:02.142 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
14:44:02.205 File: C:\Windows\assembly\tmp\M9F0MFPE\MSCOMCTL.DLL **SUSPICIOUS**
14:44:02.298 File: C:\Windows\assembly\tmp\MARBNXFD\Policy.12.0.Microsoft.Office.Interop.Word.dll **SUSPICIOUS**
14:44:02.392 File: C:\Windows\assembly\tmp\MARBNXFD\R8EWVT9L **SUSPICIOUS**
14:44:02.454 File: C:\Windows\assembly\tmp\MVZHCHXZ\Microsoft.Office.Interop.Graph.dll **SUSPICIOUS**
14:44:02.548 File: C:\Windows\assembly\tmp\NI3B8D2Q\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll **SUSPICIOUS**
14:44:02.626 File: C:\Windows\assembly\tmp\PSQH4H00\Policy.12.0.Microsoft.Office.Interop.Excel.dll **SUSPICIOUS**
14:44:02.688 File: C:\Windows\assembly\tmp\PSQH4H00\XFNJSP3U **SUSPICIOUS**
14:44:02.735 File: C:\Windows\assembly\tmp\QWZLHCO5\Policy.11.0.Microsoft.Office.Interop.Word.dll **SUSPICIOUS**
14:44:02.798 File: C:\Windows\assembly\tmp\RD2YQXP7\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll **SUSPICIOUS**
14:44:02.876 File: C:\Windows\assembly\tmp\S2SV3HGN\Policy.12.0.Microsoft.Vbe.Interop.dll **SUSPICIOUS**
14:44:02.969 File: C:\Windows\assembly\tmp\TGDU5V0D\msdatasrc.dll **SUSPICIOUS**
14:44:03.063 File: C:\Windows\assembly\tmp\TUCUT658\Microsoft.Office.Tools.Excel.v9.0.dll **SUSPICIOUS**
14:44:03.188 File: C:\Windows\assembly\tmp\TYSANYDS\Microsoft.Office.Interop.OneNote.dll **SUSPICIOUS**
14:44:03.312 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
14:44:03.406 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
14:44:03.453 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
14:44:03.500 File: C:\Windows\assembly\tmp\U\000000cb.@ **INFECTED** Other:Malware-gen
14:44:03.546 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
14:44:03.609 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
14:44:03.718 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
14:44:03.765 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
14:44:03.827 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
14:44:03.874 File: C:\Windows\assembly\tmp\U\800000cb.@ **INFECTED** Win32:Malware-gen
14:44:03.936 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
14:44:03.968 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
14:44:04.030 File: C:\Windows\assembly\tmp\UCT45EMK\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll **SUSPICIOUS**
14:44:04.108 File: C:\Windows\assembly\tmp\UEIWLRR2\adodb.dll **SUSPICIOUS**
14:44:04.217 File: C:\Windows\assembly\tmp\UJDE20Y0\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll **SUSPICIOUS**
14:44:04.311 File: C:\Windows\assembly\tmp\UPB6F312\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll **SUSPICIOUS**
14:44:04.404 File: C:\Windows\assembly\tmp\VAB17CDU\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll **SUSPICIOUS**
14:44:04.482 File: C:\Windows\assembly\tmp\VRJGOYJX\Policy.11.0.Microsoft.Vbe.Interop.dll **SUSPICIOUS**
14:44:04.545 File: C:\Windows\assembly\tmp\VRJGOYJX\V4JOHTA9 **SUSPICIOUS**
14:44:04.607 File: C:\Windows\assembly\tmp\W8LFMFE8\Microsoft.Vbe.Interop.Forms.dll **SUSPICIOUS**
14:44:04.670 File: C:\Windows\assembly\tmp\XCDA4G9M\Microsoft.Office.Interop.Word.dll **SUSPICIOUS**
14:44:04.826 File: C:\Windows\assembly\tmp\Y6GH6RJD\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll **SUSPICIOUS**
14:44:04.904 File: C:\Windows\assembly\tmp\Y6GH6RJD\Q75OVUFC **SUSPICIOUS**
14:44:04.966 File: C:\Windows\assembly\tmp\YQNRI4QH\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll **SUSPICIOUS**
14:44:05.028 File: C:\Windows\assembly\tmp\ZJBX7Z9W\Policy.11.0.Office.dll **SUSPICIOUS**
14:44:05.122 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
14:44:07.602 AVAST engine scan C:\Windows\system32\drivers
14:44:36.167 AVAST engine scan C:\Users\Gomez
14:45:35.671 Disk 0 MBR has been saved successfully to "C:\Users\Gomez\Desktop\MBR.dat"
14:45:35.686 The log file has been saved successfully to "C:\Users\Gomez\Desktop\aswMBR.txt"
14:51:16.170 AVAST engine scan C:\ProgramData
14:51:17.043 File: C:\ProgramData\4c24361e-2d92-4803-813f-a2eb0def83c9aandefiw+PwAAsXf6M8mCgAXYfo=.dat **INFECTED** Win32:MalOb-EV [Cryp]
14:52:48.771 File: C:\ProgramData\IljusxiPbowx.dll **INFECTED** Win32:Rootkit-gen [Rtk]
14:56:48.290 Scan finished successfully
14:59:22.359 Disk 0 MBR has been saved successfully to "C:\Users\Gomez\Desktop\MBR.dat"
14:59:22.390 The log file has been saved successfully to "C:\Users\Gomez\Desktop\aswMBR.txt"

#4 narenxp

Posted 14 March 2012 - 06:12 PM

The PC has the ZeroAccess rootkit, which needs advanced tools to remove it.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 GMZ956

Posted 15 March 2012 - 07:15 PM

Hello,

A Windows program came on this morning when I turned on the computer. It said it identified a trojan and removed it. I clicked to find out more information and the trojan was what was causing me to be redirected to abnow.com, according to the information on the MS website. Since then I haven't had any more issues. Thank you for your help.

#6 narenxp

Posted 16 March 2012 - 07:20 AM

GMZ956

Check my previous reply and follow the instructions



