Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect/ won't load/404 No Found. nginx


  • Please log in to reply
18 replies to this topic

#1 jjgt12

jjgt12

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 17 March 2012 - 11:12 AM

This started happenning about a week ago, I was just browsing reddit when I clicked on a link and my computer just shut down randomly.
As soon as it shut down I started up my computer and when I tried using google web search, I clicked on a link and it redirected to some website that wasn't what I wanted. I close that imediately. I also tried using a google image search later that day and I found the the image search did not have the option to search using the image. At first I thought google was down, but then I remembered waht someone told me. which was that google never goes down, they have 100's of servers worldwide. Then I noticed my Kaspersky antivirus popped up with a message, and that message said something like Trojan.alureon.something I looked it up on youtube and ask.com(since google won't work lol), and I believe my computer is infected with the google redirect virus, also known as TDSS I think.

I run Windows 7,
I have tried removing it with my expired Kaspersky program, and it said that it could not remove it.
I tried looking up intructions on youtube videos, and some of them say to download a program called TDSSkiller, but Youtube videos won't help seeing as there's no one who can help me through the steps of removing the virus.
So I searched ask.com for people with similar problems, and I found this website.
I browsed through the 'Am I infected? What do I do?' forums and I see that there have been topics already posted, and that you guys have been helpful enough to help out other poeple with the same problem.

So can you guys please help me out as well? I would just follow the steps you advised other poeple to take, but I also saw that you want them to post their logs, so I guess I might have to have someone look at that so they can help me out furthur.

Right now my computer runs ok, a bit slow, but I know if this problem remains in my computer then it will lead to other viruses, and in the end I will have to get a new computer.

Please help!

BC AdBot (Login to Remove)

 


#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 18 March 2012 - 04:23 PM

Hello,

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------------

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

----------------

Step 3

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes'
    Anti-Malware
    and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

----------------

Step 4

Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
  • Click the "Scan" button to start scan.
  • On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

----------------

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 18 March 2012 - 11:32 PM

Thanks for the help, I will work on this ASAP!
I have to work tommorrow from 12:30 to 10, so get this done by tuesday mourning hopefully.

I HAVE DONE 3/4 STEPS, BUT WHEN I SCANNED WITH ASWMBR.EXE WINDOWS SHUT DOWN.

Should I try to scan again?

Edited by jjgt12, 19 March 2012 - 12:35 PM.


#4 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 19 March 2012 - 11:54 AM

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Anti-Virus 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 10.3.181.26 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 2011 x64 klwtblfs.exe
``````````End of Log````````````


Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 19-03-2012 at 11:56:18
Running from "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXDN4J5F"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [administrator]

Protection: Enabled

3/19/2012 12:01:38 PM
mbam-log-2012-03-19 (12-01-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214472
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 4436 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 3052 -> Delete on reboot.

Memory Modules Detected: 6
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 159
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 25
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\gen1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\jsifb (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\wbnotify (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 89
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.log (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\gen1\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

(end)


will post the rest soon

Edited by jjgt12, 19 March 2012 - 12:10 PM.


#5 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 19 March 2012 - 02:15 PM

Hi jjight12

Please skip running aswMBR for now.

Thats a lot of malware gone :). You have a lot oif outdated software which we will address later.

Step 1

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2

How is your computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#6 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 20 March 2012 - 11:34 AM

Google is still not working properly, but my computer is running fine.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 20-03-2012 at 11:33:20
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 44-87-FC-D5-0D-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::95d2:9844:5d1a:28e1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 19, 2012 5:31:50 PM
Lease Expires . . . . . . . . . . : Wednesday, March 21, 2012 11:30:18 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890513
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-F7-3D-55-44-87-FC-D5-0D-C4
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AA55A990-4430-48A6-B1FA-FF4BDC8A4468}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8d3:3390:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::8d3:3390:3f57:fefd%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.72
74.125.225.66
74.125.225.67
74.125.225.78
74.125.225.68
74.125.225.70
74.125.225.71
74.125.225.64
74.125.225.65
74.125.225.69
74.125.225.73


Pinging google.com [74.125.225.66] with 32 bytes of data:
Reply from 74.125.225.66: bytes=32 time=21ms TTL=56
Reply from 74.125.225.66: bytes=32 time=23ms TTL=56

Ping statistics for 74.125.225.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 23ms, Average = 22ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=278ms TTL=55
Reply from 72.30.38.140: bytes=32 time=344ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 278ms, Maximum = 344ms, Average = 311ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms
===========================================================================
Interface List
10...44 87 fc d5 0d c4 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:79fb:8d3:3390:3f57:fefd/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::8d3:3390:3f57:fefd/128
On-link
10 276 fe80::95d2:9844:5d1a:28e1/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/19/2012 00:17:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: tbRune.dll_unloaded, version: 0.0.0.0, time stamp: 0x4daaa6d9
Exception code: 0xc0000005
Fault offset: 0x06113e48
Faulting process id: 0x1150
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/19/2012 00:17:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x756ae2d4
Faulting process id: 0xd48
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/18/2012 00:23:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/16/2012 10:53:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/15/2012 01:50:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/15/2012 10:17:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: Flash10l.ocx, version: 10.1.102.64, time stamp: 0x4cc0fef8
Exception code: 0xc0000005
Fault offset: 0x001bd5eb
Faulting process id: 0x1394
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/15/2012 03:00:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
The system cannot find the file specified.
.

Error: (03/14/2012 07:43:07 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1720

Start Time: 01cd01c53baa3613

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 3a4e8955-6dd3-11e1-bf0d-4487fcd50dc4

Error: (03/12/2012 07:42:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d006
Faulting module name: WININET.dll, version: 8.0.7601.17744, time stamp: 0x4eeb0432
Exception code: 0x80000001
Fault offset: 0x00000000000101c5
Faulting process id: 0xdb8
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3

Error: (03/11/2012 05:26:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: SSCORE.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c9ec
Exception code: 0xc0000005
Fault offset: 0x000000000000146d
Faulting process id: 0x78
Faulting application start time: 0xsvchost.exe_LanmanServer0
Faulting application path: svchost.exe_LanmanServer1
Faulting module path: svchost.exe_LanmanServer2
Report Id: svchost.exe_LanmanServer3


System errors:
=============
Error: (03/20/2012 03:00:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

Error: (03/19/2012 00:27:59 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89fc6b579, 0xb3b7465ef244f20f, 0xfffff8800396f5c0, 0x0000000000000002)C:\Windows\MEMORY.DMP031912-24460-01

Error: (03/19/2012 00:27:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:25:59 PM on ?3/?19/?2012 was unexpected.

Error: (03/19/2012 03:00:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

Error: (03/18/2012 03:00:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

Error: (03/17/2012 05:10:09 PM) (Source: DCOM) (User: Owner)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Owner-PCOwnerS-1-5-21-3736816263-3127250076-3158410405-1000LocalHost (Using LRPC)

Error: (03/17/2012 03:00:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

Error: (03/16/2012 03:00:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

Error: (03/15/2012 03:40:24 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/15/2012 03:19:12 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:17:24 AM on ?3/?15/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/19/2012 00:17:38 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912tbRune.dll_unloaded0.0.0.04daaa6d9c000000506113e48115001cd05f4291183aeC:\Program Files (x86)\Internet Explorer\iexplore.exetbRune.dll6cbfc77f-71e7-11e1-a6c2-4487fcd50dc4

Error: (03/19/2012 00:17:18 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c0000005756ae2d4d4801cd05f41db7137fC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown60a6e93a-71e7-11e1-a6c2-4487fcd50dc4

Error: (03/18/2012 00:23:02 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/16/2012 10:53:07 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/15/2012 01:50:18 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/15/2012 10:17:46 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Flash10l.ocx10.1.102.644cc0fef8c0000005001bd5eb139401cd02b8f3ffa5e6C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx049b24bb-6eb2-11e1-9106-4487fcd50dc4

Error: (03/15/2012 03:00:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
The system cannot find the file specified.

Error: (03/14/2012 07:43:07 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.17514172001cd01c53baa361331C:\Program Files (x86)\Internet Explorer\iexplore.exe3a4e8955-6dd3-11e1-bf0d-4487fcd50dc4

Error: (03/12/2012 07:42:03 AM) (Source: Application Error)(User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0d006WININET.dll8.0.7601.177444eeb04328000000100000000000101c5db801cd004cc0fa7970C:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\WININET.dllc43781af-6c40-11e1-bf0d-4487fcd50dc4

Error: (03/11/2012 05:26:58 PM) (Source: Application Error)(User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc3c1SSCORE.DLL6.1.7601.175144ce7c9ecc0000005000000000000146d7801ccffd5ee5b9e5bC:\Windows\system32\svchost.exeC:\Windows\system32\SSCORE.DLL505eaaea-6bc9-11e1-807b-4487fcd50dc4


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Advertising Center (Version: 0.0.0.2)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Ask Toolbar (Version: 1.13.0.0)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 2.0.5.0)
CyberLink PowerDVD 9 (Version: 9.0.2931.50)
D3DX10 (Version: 15.4.2368.0902)
Daniusoft iTransfer(Build 2.0.3.2)
Dell PC Fax
Dell Photo AIO Printer 926
DesignPro 5 eMedia (Version: 5.2.1201)
DiskAid 4.61 (Version: 4.61)
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Free YouTube to MP3 Converter version 3.10.8.815
Garmin Lifetime Updater (Version: 2.0.12)
Gateway InfoCentre (Version: 3.02.3000)
Gateway Photo Frame 4.2.3.10 (Version: 4.2.3.10)
Gateway Recovery Management (Version: 4.05.3012)
Gateway Registration (Version: 1.03.3003)
Gateway ScreenSaver (Version: 1.1.0506.2010)
Gateway Updater (Version: 1.02.3001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Hotkey Utility (Version: 2.05.3009)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
InstallIQ Updater (Version: 1.4.1.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel® Matrix Storage Manager
Itibiti RTC (Version: 0.0.1)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6045)
RollerCoaster Tycoon 2 Triple Thrill Pack (Version: 1.00.000)
RuneScape Launcher 1.2 (Version: 1.2.0)
RuneScape Toolbar (Version: 6.3.5.3)
Safari (Version: 5.33.21.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Welcome Center (Version: 1.00.3013)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xvid Video Codec (Version: 1.3.1)

========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 8119.11 MB
Available physical RAM: 6701.39 MB
Total Pagefile: 16236.41 MB
Available Pagefile: 13962.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.79 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:910.41 GB) (Free:807.14 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Mcx1-OWNER-PC
Owner

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Edited by jjgt12, 20 March 2012 - 11:36 AM.


#7 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 20 March 2012 - 03:54 PM

Hi jjgt1,

So you are still getting redirected when you are on google? If so does it happen in both Firefox and Internet explorer or just one of them?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#8 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 20 March 2012 - 05:28 PM

Hi jjgt12,

In addition to my previous post, please follow step 8 of the preparation guide here
Please post the log in your next reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#9 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 21 March 2012 - 12:17 PM

Hey, thanks so much for your help so far, and Google is still not working properly. When I do a web search, and I click the links, they sometimes go to the right link, sometimes it redirects, and other times Internet explorer cannot load the page. On Firefox, everytime I click a link, it goes to the right page, but then a message pops from Malware-bytes saying that it blocked an attack. The message only popped up twice and has not popped up yet. When I try image searching, it does not load up with the results, it just says internet explorer cannot load the page. I do think I am still infected, and I will go to the link you posted earlier.

And thnkas again for being patient, I do not work today, so if you post today I may be able to get back to you sooner than before.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:34 PM

Posted 21 March 2012 - 02:14 PM

Run the GMER scan referenced in the above post... where it says do STEP 8
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 21 March 2012 - 02:35 PM

OH OK, It says not to create one if I run the 64-bit version though.

Edited by jjgt12, 21 March 2012 - 02:41 PM.


#12 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 21 March 2012 - 03:06 PM

Hi jjgt12,

Since your system is 64 bit skip the GMER.
Please do the following instead:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#13 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 21 March 2012 - 03:27 PM

15:22:26.0610 4988 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
15:22:26.0938 4988 ============================================================
15:22:26.0938 4988 Current date / time: 2012/03/21 15:22:26.0938
15:22:26.0938 4988 SystemInfo:
15:22:26.0938 4988
15:22:26.0938 4988 OS Version: 6.1.7601 ServicePack: 1.0
15:22:26.0938 4988 Product type: Workstation
15:22:26.0938 4988 ComputerName: OWNER-PC
15:22:26.0938 4988 UserName: Owner
15:22:26.0938 4988 Windows directory: C:\Windows
15:22:26.0938 4988 System windows directory: C:\Windows
15:22:26.0938 4988 Running under WOW64
15:22:26.0938 4988 Processor architecture: Intel x64
15:22:26.0938 4988 Number of processors: 4
15:22:26.0938 4988 Page size: 0x1000
15:22:26.0938 4988 Boot type: Normal boot
15:22:26.0938 4988 ============================================================
15:22:27.0125 4988 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:22:27.0156 4988 \Device\Harddisk0\DR0:
15:22:27.0156 4988 MBR used
15:22:27.0172 4988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2A00800, BlocksNum 0x32000
15:22:27.0172 4988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2A32800, BlocksNum 0x71CD3800
15:22:27.0188 4988 Initialize success
15:22:27.0188 4988 ============================================================
15:22:30.0355 5000 ============================================================
15:22:30.0355 5000 Scan started
15:22:30.0355 5000 Mode: Manual;
15:22:30.0355 5000 ============================================================
15:22:30.0916 5000 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:22:30.0916 5000 1394ohci - ok
15:22:31.0025 5000 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:22:31.0025 5000 ACPI - ok
15:22:31.0103 5000 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:22:31.0103 5000 AcpiPmi - ok
15:22:31.0213 5000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:22:31.0213 5000 adp94xx - ok
15:22:31.0415 5000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:22:31.0415 5000 adpahci - ok
15:22:31.0634 5000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:22:31.0634 5000 adpu320 - ok
15:22:31.0837 5000 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:22:31.0837 5000 AeLookupSvc - ok
15:22:32.0039 5000 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:22:32.0039 5000 AFD - ok
15:22:32.0320 5000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:22:32.0336 5000 agp440 - ok
15:22:32.0710 5000 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:22:32.0726 5000 ALG - ok
15:22:33.0038 5000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:22:33.0038 5000 aliide - ok
15:22:33.0272 5000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:22:33.0272 5000 amdide - ok
15:22:33.0646 5000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:22:33.0646 5000 AmdK8 - ok
15:22:34.0052 5000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:22:34.0052 5000 AmdPPM - ok
15:22:34.0301 5000 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:22:34.0301 5000 amdsata - ok
15:22:34.0551 5000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:22:34.0551 5000 amdsbs - ok
15:22:34.0707 5000 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:22:34.0707 5000 amdxata - ok
15:22:35.0222 5000 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:22:35.0222 5000 AppID - ok
15:22:35.0534 5000 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:22:35.0534 5000 AppIDSvc - ok
15:22:36.0064 5000 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:22:36.0064 5000 Appinfo - ok
15:22:36.0236 5000 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:22:36.0236 5000 Apple Mobile Device - ok
15:22:36.0485 5000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:22:36.0501 5000 arc - ok
15:22:36.0766 5000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:22:36.0766 5000 arcsas - ok
15:22:36.0938 5000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:22:36.0953 5000 AsyncMac - ok
15:22:37.0234 5000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:22:37.0234 5000 atapi - ok
15:22:37.0531 5000 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:22:37.0546 5000 AudioEndpointBuilder - ok
15:22:37.0577 5000 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:22:37.0577 5000 AudioSrv - ok
15:22:37.0655 5000 AVP (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
15:22:37.0655 5000 AVP - ok
15:22:37.0827 5000 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:22:37.0843 5000 AxInstSV - ok
15:22:37.0905 5000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:22:37.0905 5000 b06bdrv - ok
15:22:38.0108 5000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:22:38.0108 5000 b57nd60a - ok
15:22:38.0311 5000 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:22:38.0326 5000 BDESVC - ok
15:22:38.0389 5000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:22:38.0389 5000 Beep - ok
15:22:38.0591 5000 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:22:38.0591 5000 BFE - ok
15:22:38.0638 5000 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:22:38.0654 5000 BITS - ok
15:22:38.0825 5000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:22:38.0825 5000 blbdrive - ok
15:22:38.0935 5000 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:22:38.0935 5000 Bonjour Service - ok
15:22:39.0309 5000 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:22:39.0309 5000 bowser - ok
15:22:39.0824 5000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:22:39.0824 5000 BrFiltLo - ok
15:22:39.0855 5000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:22:39.0855 5000 BrFiltUp - ok
15:22:39.0886 5000 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:22:39.0902 5000 Browser - ok
15:22:39.0917 5000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:22:39.0917 5000 Brserid - ok
15:22:39.0933 5000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:22:39.0933 5000 BrSerWdm - ok
15:22:39.0964 5000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:22:39.0964 5000 BrUsbMdm - ok
15:22:39.0964 5000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:22:39.0964 5000 BrUsbSer - ok
15:22:39.0980 5000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:22:39.0980 5000 BTHMODEM - ok
15:22:40.0292 5000 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:22:40.0307 5000 bthserv - ok
15:22:40.0573 5000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:22:40.0573 5000 cdfs - ok
15:22:41.0009 5000 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:22:41.0009 5000 cdrom - ok
15:22:41.0072 5000 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:22:41.0087 5000 CertPropSvc - ok
15:22:41.0134 5000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:22:41.0134 5000 circlass - ok
15:22:41.0181 5000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:22:41.0181 5000 CLFS - ok
15:22:41.0228 5000 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:41.0243 5000 clr_optimization_v2.0.50727_32 - ok
15:22:41.0290 5000 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:22:41.0306 5000 clr_optimization_v2.0.50727_64 - ok
15:22:41.0384 5000 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:22:41.0399 5000 clr_optimization_v4.0.30319_32 - ok
15:22:41.0415 5000 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:22:41.0415 5000 clr_optimization_v4.0.30319_64 - ok
15:22:41.0431 5000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:22:41.0431 5000 CmBatt - ok
15:22:41.0477 5000 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:22:41.0477 5000 cmdide - ok
15:22:41.0524 5000 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:22:41.0524 5000 CNG - ok
15:22:41.0555 5000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:22:41.0555 5000 Compbatt - ok
15:22:41.0602 5000 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:22:41.0602 5000 CompositeBus - ok
15:22:41.0618 5000 COMSysApp - ok
15:22:41.0633 5000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:22:41.0633 5000 crcdisk - ok
15:22:41.0727 5000 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:22:41.0743 5000 CryptSvc - ok
15:22:41.0930 5000 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:22:41.0945 5000 cvhsvc - ok
15:22:41.0992 5000 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:22:42.0008 5000 DcomLaunch - ok
15:22:42.0055 5000 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:22:42.0070 5000 defragsvc - ok
15:22:42.0101 5000 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:22:42.0117 5000 DfsC - ok
15:22:42.0164 5000 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:22:42.0164 5000 Dhcp - ok
15:22:42.0211 5000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:22:42.0211 5000 discache - ok
15:22:42.0242 5000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:22:42.0242 5000 Disk - ok
15:22:42.0304 5000 dlcx_device - ok
15:22:42.0367 5000 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:22:42.0367 5000 Dnscache - ok
15:22:42.0398 5000 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:22:42.0398 5000 dot3svc - ok
15:22:42.0445 5000 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:22:42.0445 5000 DPS - ok
15:22:42.0476 5000 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:22:42.0476 5000 drmkaud - ok
15:22:42.0507 5000 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:22:42.0523 5000 DXGKrnl - ok
15:22:42.0538 5000 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:22:42.0554 5000 EapHost - ok
15:22:42.0647 5000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:22:42.0663 5000 ebdrv - ok
15:22:42.0694 5000 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:22:42.0694 5000 EFS - ok
15:22:42.0866 5000 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:22:42.0881 5000 ehRecvr - ok
15:22:42.0913 5000 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:22:42.0913 5000 ehSched - ok
15:22:43.0037 5000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:22:43.0053 5000 elxstor - ok
15:22:43.0084 5000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:22:43.0084 5000 ErrDev - ok
15:22:43.0131 5000 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:22:43.0131 5000 EventSystem - ok
15:22:43.0162 5000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:22:43.0162 5000 exfat - ok
15:22:43.0178 5000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:22:43.0178 5000 fastfat - ok
15:22:43.0240 5000 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:22:43.0256 5000 Fax - ok
15:22:43.0271 5000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:22:43.0271 5000 fdc - ok
15:22:43.0318 5000 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:22:43.0318 5000 fdPHost - ok
15:22:43.0318 5000 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:22:43.0334 5000 FDResPub - ok
15:22:43.0349 5000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:22:43.0349 5000 FileInfo - ok
15:22:43.0365 5000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:22:43.0365 5000 Filetrace - ok
15:22:43.0381 5000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:22:43.0381 5000 flpydisk - ok
15:22:43.0427 5000 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:22:43.0427 5000 FltMgr - ok
15:22:43.0474 5000 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:22:43.0490 5000 FontCache - ok
15:22:43.0537 5000 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:22:43.0537 5000 FontCache3.0.0.0 - ok
15:22:43.0568 5000 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:22:43.0568 5000 FsDepends - ok
15:22:43.0615 5000 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:22:43.0615 5000 fssfltr - ok
15:22:43.0739 5000 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:22:43.0755 5000 fsssvc - ok
15:22:43.0817 5000 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:22:43.0817 5000 Fs_Rec - ok
15:22:43.0849 5000 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:22:43.0864 5000 fvevol - ok
15:22:43.0895 5000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:22:43.0895 5000 gagp30kx - ok
15:22:43.0958 5000 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:22:43.0958 5000 GEARAspiWDM - ok
15:22:44.0020 5000 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:22:44.0036 5000 gpsvc - ok
15:22:44.0114 5000 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
15:22:44.0114 5000 GREGService - ok
15:22:44.0129 5000 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:22:44.0145 5000 gusvc - ok
15:22:44.0176 5000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:22:44.0176 5000 hcw85cir - ok
15:22:44.0239 5000 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:22:44.0254 5000 HdAudAddService - ok
15:22:44.0270 5000 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:22:44.0270 5000 HDAudBus - ok
15:22:44.0285 5000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:22:44.0285 5000 HidBatt - ok
15:22:44.0285 5000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:22:44.0285 5000 HidBth - ok
15:22:44.0301 5000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:22:44.0301 5000 HidIr - ok
15:22:44.0317 5000 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:22:44.0317 5000 hidserv - ok
15:22:44.0379 5000 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:22:44.0379 5000 HidUsb - ok
15:22:44.0410 5000 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:22:44.0426 5000 hkmsvc - ok
15:22:44.0441 5000 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:22:44.0457 5000 HomeGroupListener - ok
15:22:44.0488 5000 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:22:44.0504 5000 HomeGroupProvider - ok
15:22:44.0551 5000 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:22:44.0551 5000 HpSAMD - ok
15:22:44.0613 5000 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:22:44.0613 5000 HTTP - ok
15:22:44.0660 5000 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:22:44.0660 5000 hwpolicy - ok
15:22:44.0691 5000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:22:44.0707 5000 i8042prt - ok
15:22:44.0785 5000 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:22:44.0785 5000 IAANTMON - ok
15:22:44.0847 5000 iaStor (bf5442dc14608d18949dc83de37e667a) C:\Windows\system32\DRIVERS\iaStor.sys
15:22:44.0847 5000 iaStor - ok
15:22:44.0909 5000 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:22:44.0909 5000 iaStorV - ok
15:22:44.0972 5000 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:22:44.0987 5000 idsvc - ok
15:22:45.0221 5000 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:22:45.0268 5000 igfx - ok
15:22:45.0299 5000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:22:45.0299 5000 iirsp - ok
15:22:45.0346 5000 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:22:45.0362 5000 IKEEXT - ok
15:22:45.0440 5000 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
15:22:45.0455 5000 IntcAzAudAddService - ok
15:22:45.0533 5000 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:22:45.0533 5000 IntcDAud - ok
15:22:45.0565 5000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:22:45.0565 5000 intelide - ok
15:22:45.0627 5000 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:22:45.0627 5000 intelppm - ok
15:22:45.0658 5000 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:22:45.0658 5000 IPBusEnum - ok
15:22:45.0705 5000 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:45.0705 5000 IpFilterDriver - ok
15:22:45.0736 5000 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:22:45.0752 5000 iphlpsvc - ok
15:22:45.0783 5000 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:22:45.0783 5000 IPMIDRV - ok
15:22:45.0845 5000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:22:45.0845 5000 IPNAT - ok
15:22:45.0908 5000 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
15:22:45.0923 5000 iPod Service - ok
15:22:45.0939 5000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:22:45.0955 5000 IRENUM - ok
15:22:45.0986 5000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:22:45.0986 5000 isapnp - ok
15:22:46.0017 5000 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:22:46.0033 5000 iScsiPrt - ok
15:22:46.0048 5000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:46.0048 5000 kbdclass - ok
15:22:46.0111 5000 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:22:46.0111 5000 kbdhid - ok
15:22:46.0142 5000 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:22:46.0142 5000 KeyIso - ok
15:22:46.0204 5000 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
15:22:46.0204 5000 KL1 - ok
15:22:46.0220 5000 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
15:22:46.0220 5000 kl2 - ok
15:22:46.0267 5000 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
15:22:46.0282 5000 KLIF - ok
15:22:46.0298 5000 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
15:22:46.0298 5000 KLIM6 - ok
15:22:46.0313 5000 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
15:22:46.0313 5000 klmouflt - ok
15:22:46.0329 5000 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:22:46.0329 5000 KSecDD - ok
15:22:46.0360 5000 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:22:46.0360 5000 KSecPkg - ok
15:22:46.0391 5000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:22:46.0391 5000 ksthunk - ok
15:22:46.0454 5000 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:22:46.0469 5000 KtmRm - ok
15:22:46.0516 5000 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:22:46.0532 5000 LanmanServer - ok
15:22:46.0594 5000 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:22:46.0594 5000 LanmanWorkstation - ok
15:22:46.0625 5000 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:22:46.0625 5000 lltdio - ok
15:22:46.0672 5000 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:22:46.0672 5000 lltdsvc - ok
15:22:46.0719 5000 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:22:46.0719 5000 lmhosts - ok
15:22:46.0750 5000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:22:46.0766 5000 LSI_FC - ok
15:22:46.0766 5000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:22:46.0766 5000 LSI_SAS - ok
15:22:46.0781 5000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:22:46.0781 5000 LSI_SAS2 - ok
15:22:46.0797 5000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:22:46.0797 5000 LSI_SCSI - ok
15:22:46.0828 5000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:22:46.0828 5000 luafv - ok
15:22:46.0875 5000 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
15:22:46.0875 5000 LVRS64 - ok
15:22:47.0000 5000 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:22:47.0031 5000 LVUVC64 - ok
15:22:47.0109 5000 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:22:47.0125 5000 MBAMProtector - ok
15:22:47.0203 5000 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:22:47.0218 5000 MBAMService - ok
15:22:47.0249 5000 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:22:47.0249 5000 Mcx2Svc - ok
15:22:47.0265 5000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:22:47.0281 5000 megasas - ok
15:22:47.0296 5000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:22:47.0312 5000 MegaSR - ok
15:22:47.0343 5000 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:22:47.0343 5000 MMCSS - ok
15:22:47.0359 5000 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:22:47.0374 5000 Modem - ok
15:22:47.0421 5000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:22:47.0421 5000 monitor - ok
15:22:47.0483 5000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:22:47.0483 5000 mouclass - ok
15:22:47.0530 5000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:22:47.0530 5000 mouhid - ok
15:22:47.0561 5000 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:22:47.0561 5000 mountmgr - ok
15:22:47.0608 5000 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:22:47.0608 5000 mpio - ok
15:22:47.0639 5000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:22:47.0639 5000 mpsdrv - ok
15:22:47.0686 5000 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:22:47.0702 5000 MpsSvc - ok
15:22:47.0749 5000 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:22:47.0749 5000 MRxDAV - ok
15:22:47.0780 5000 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:47.0795 5000 mrxsmb - ok
15:22:47.0827 5000 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:47.0827 5000 mrxsmb10 - ok
15:22:47.0842 5000 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:47.0858 5000 mrxsmb20 - ok
15:22:47.0873 5000 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:22:47.0873 5000 msahci - ok
15:22:47.0920 5000 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:22:47.0920 5000 msdsm - ok
15:22:47.0951 5000 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:22:47.0967 5000 MSDTC - ok
15:22:48.0014 5000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:22:48.0029 5000 Msfs - ok
15:22:48.0045 5000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:22:48.0045 5000 mshidkmdf - ok
15:22:48.0076 5000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:22:48.0076 5000 msisadrv - ok
15:22:48.0123 5000 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:22:48.0123 5000 MSiSCSI - ok
15:22:48.0139 5000 msiserver - ok
15:22:48.0170 5000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:22:48.0185 5000 MSKSSRV - ok
15:22:48.0201 5000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:48.0217 5000 MSPCLOCK - ok
15:22:48.0217 5000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:22:48.0232 5000 MSPQM - ok
15:22:48.0263 5000 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:22:48.0279 5000 MsRPC - ok
15:22:48.0295 5000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:22:48.0295 5000 mssmbios - ok
15:22:48.0310 5000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:22:48.0326 5000 MSTEE - ok
15:22:48.0341 5000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:22:48.0357 5000 MTConfig - ok
15:22:48.0388 5000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:22:48.0388 5000 Mup - ok
15:22:48.0435 5000 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:22:48.0451 5000 napagent - ok
15:22:48.0482 5000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:22:48.0497 5000 NativeWifiP - ok
15:22:48.0544 5000 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:22:48.0560 5000 NDIS - ok
15:22:48.0591 5000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:22:48.0607 5000 NdisCap - ok
15:22:48.0653 5000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:48.0653 5000 NdisTapi - ok
15:22:48.0700 5000 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:48.0700 5000 Ndisuio - ok
15:22:48.0747 5000 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:48.0747 5000 NdisWan - ok
15:22:48.0794 5000 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:22:48.0794 5000 NDProxy - ok
15:22:48.0887 5000 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:22:48.0903 5000 Nero BackItUp Scheduler 4.0 - ok
15:22:48.0934 5000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:22:48.0934 5000 NetBIOS - ok
15:22:48.0981 5000 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:22:48.0981 5000 NetBT - ok
15:22:49.0012 5000 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:22:49.0012 5000 Netlogon - ok
15:22:49.0075 5000 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:22:49.0075 5000 Netman - ok
15:22:49.0106 5000 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:22:49.0106 5000 netprofm - ok
15:22:49.0137 5000 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:49.0153 5000 NetTcpPortSharing - ok
15:22:49.0168 5000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:22:49.0168 5000 nfrd960 - ok
15:22:49.0199 5000 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:22:49.0215 5000 NlaSvc - ok
15:22:49.0231 5000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:22:49.0231 5000 Npfs - ok
15:22:49.0246 5000 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:22:49.0246 5000 nsi - ok
15:22:49.0262 5000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:22:49.0277 5000 nsiproxy - ok
15:22:49.0324 5000 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:22:49.0340 5000 Ntfs - ok
15:22:49.0355 5000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:22:49.0355 5000 Null - ok
15:22:49.0402 5000 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:22:49.0402 5000 nvraid - ok
15:22:49.0433 5000 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:22:49.0433 5000 nvstor - ok
15:22:49.0465 5000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:22:49.0480 5000 nv_agp - ok
15:22:49.0511 5000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:22:49.0511 5000 ohci1394 - ok
15:22:49.0605 5000 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:22:49.0605 5000 ose - ok
15:22:49.0730 5000 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:22:49.0761 5000 osppsvc - ok
15:22:49.0792 5000 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:22:49.0808 5000 p2pimsvc - ok
15:22:49.0839 5000 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:22:49.0855 5000 p2psvc - ok
15:22:49.0870 5000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:22:49.0886 5000 Parport - ok
15:22:49.0917 5000 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:22:49.0917 5000 partmgr - ok
15:22:49.0933 5000 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:22:49.0948 5000 PcaSvc - ok
15:22:49.0964 5000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:22:49.0979 5000 pci - ok
15:22:49.0995 5000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:22:49.0995 5000 pciide - ok
15:22:50.0011 5000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:22:50.0026 5000 pcmcia - ok
15:22:50.0042 5000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:22:50.0042 5000 pcw - ok
15:22:50.0057 5000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:22:50.0073 5000 PEAUTH - ok
15:22:50.0089 5000 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:22:50.0089 5000 PerfHost - ok
15:22:50.0151 5000 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:22:50.0167 5000 pla - ok
15:22:50.0213 5000 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:22:50.0213 5000 PlugPlay - ok
15:22:50.0245 5000 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:22:50.0260 5000 PNRPAutoReg - ok
15:22:50.0291 5000 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:22:50.0291 5000 PNRPsvc - ok
15:22:50.0323 5000 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:22:50.0323 5000 PolicyAgent - ok
15:22:50.0369 5000 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:22:50.0369 5000 Power - ok
15:22:50.0416 5000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:22:50.0416 5000 PptpMiniport - ok
15:22:50.0447 5000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:22:50.0463 5000 Processor - ok
15:22:50.0479 5000 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:22:50.0479 5000 ProfSvc - ok
15:22:50.0525 5000 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:22:50.0525 5000 ProtectedStorage - ok
15:22:50.0557 5000 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:22:50.0557 5000 Psched - ok
15:22:50.0619 5000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:22:50.0650 5000 ql2300 - ok
15:22:50.0666 5000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:22:50.0666 5000 ql40xx - ok
15:22:50.0697 5000 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:22:50.0713 5000 QWAVE - ok
15:22:50.0728 5000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:22:50.0728 5000 QWAVEdrv - ok
15:22:50.0775 5000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:22:50.0791 5000 RasAcd - ok
15:22:50.0822 5000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:22:50.0822 5000 RasAgileVpn - ok
15:22:50.0837 5000 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:22:50.0853 5000 RasAuto - ok
15:22:50.0884 5000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:22:50.0884 5000 Rasl2tp - ok
15:22:50.0915 5000 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:22:50.0915 5000 RasMan - ok
15:22:50.0931 5000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:22:50.0947 5000 RasPppoe - ok
15:22:50.0962 5000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:22:50.0962 5000 RasSstp - ok
15:22:50.0993 5000 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:22:51.0009 5000 rdbss - ok
15:22:51.0025 5000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:22:51.0025 5000 rdpbus - ok
15:22:51.0056 5000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:22:51.0056 5000 RDPCDD - ok
15:22:51.0071 5000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:22:51.0071 5000 RDPENCDD - ok
15:22:51.0087 5000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:22:51.0087 5000 RDPREFMP - ok
15:22:51.0118 5000 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:22:51.0134 5000 RDPWD - ok
15:22:51.0165 5000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:22:51.0165 5000 rdyboost - ok
15:22:51.0212 5000 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:22:51.0212 5000 RemoteAccess - ok
15:22:51.0259 5000 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:22:51.0259 5000 RemoteRegistry - ok
15:22:51.0290 5000 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:22:51.0290 5000 RpcEptMapper - ok
15:22:51.0337 5000 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:22:51.0352 5000 RpcLocator - ok
15:22:51.0383 5000 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:22:51.0399 5000 RpcSs - ok
15:22:51.0430 5000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:22:51.0430 5000 rspndr - ok
15:22:51.0461 5000 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:22:51.0477 5000 RTL8167 - ok
15:22:51.0493 5000 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:22:51.0493 5000 SamSs - ok
15:22:51.0524 5000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:22:51.0524 5000 sbp2port - ok
15:22:51.0539 5000 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:22:51.0555 5000 SCardSvr - ok
15:22:51.0586 5000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:22:51.0602 5000 scfilter - ok
15:22:51.0649 5000 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:22:51.0649 5000 Schedule - ok
15:22:51.0695 5000 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:22:51.0711 5000 SCPolicySvc - ok
15:22:51.0727 5000 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:22:51.0727 5000 SDRSVC - ok
15:22:51.0758 5000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:22:51.0758 5000 secdrv - ok
15:22:51.0789 5000 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:22:51.0805 5000 seclogon - ok
15:22:51.0836 5000 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:22:51.0836 5000 SENS - ok
15:22:51.0851 5000 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:22:51.0867 5000 SensrSvc - ok
15:22:51.0883 5000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:22:51.0898 5000 Serenum - ok
15:22:51.0914 5000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:22:51.0914 5000 Serial - ok
15:22:51.0961 5000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:22:51.0961 5000 sermouse - ok
15:22:52.0007 5000 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:22:52.0007 5000 SessionEnv - ok
15:22:52.0054 5000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:22:52.0054 5000 sffdisk - ok
15:22:52.0070 5000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:22:52.0070 5000 sffp_mmc - ok
15:22:52.0101 5000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:22:52.0101 5000 sffp_sd - ok
15:22:52.0117 5000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:22:52.0117 5000 sfloppy - ok
15:22:52.0195 5000 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:22:52.0195 5000 Sftfs - ok
15:22:52.0288 5000 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:22:52.0288 5000 sftlist - ok
15:22:52.0319 5000 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:22:52.0319 5000 Sftplay - ok
15:22:52.0351 5000 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:22:52.0351 5000 Sftredir - ok
15:22:52.0366 5000 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:22:52.0366 5000 Sftvol - ok
15:22:52.0397 5000 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:22:52.0397 5000 sftvsa - ok
15:22:52.0444 5000 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:22:52.0460 5000 SharedAccess - ok
15:22:52.0507 5000 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:22:52.0507 5000 ShellHWDetection - ok
15:22:52.0522 5000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:22:52.0538 5000 SiSRaid2 - ok
15:22:52.0553 5000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:22:52.0553 5000 SiSRaid4 - ok
15:22:52.0585 5000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:22:52.0585 5000 Smb - ok
15:22:52.0647 5000 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:22:52.0663 5000 SNMPTRAP - ok
15:22:52.0678 5000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:22:52.0694 5000 spldr - ok
15:22:52.0741 5000 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:22:52.0741 5000 Spooler - ok
15:22:52.0834 5000 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:22:52.0850 5000 sppsvc - ok
15:22:52.0897 5000 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:22:52.0897 5000 sppuinotify - ok
15:22:52.0943 5000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:22:52.0943 5000 srv - ok
15:22:52.0975 5000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:22:52.0975 5000 srv2 - ok
15:22:52.0990 5000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:22:52.0990 5000 srvnet - ok
15:22:53.0037 5000 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:22:53.0037 5000 SSDPSRV - ok
15:22:53.0053 5000 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:22:53.0068 5000 SstpSvc - ok
15:22:53.0084 5000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:22:53.0084 5000 stexstor - ok
15:22:53.0131 5000 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:22:53.0131 5000 stisvc - ok
15:22:53.0162 5000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:22:53.0162 5000 swenum - ok
15:22:53.0193 5000 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:22:53.0209 5000 swprv - ok
15:22:53.0255 5000 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:22:53.0271 5000 SysMain - ok
15:22:53.0302 5000 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:22:53.0302 5000 TabletInputService - ok
15:22:53.0349 5000 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:22:53.0349 5000 TapiSrv - ok
15:22:53.0365 5000 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:22:53.0380 5000 TBS - ok
15:22:53.0443 5000 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:22:53.0474 5000 Tcpip - ok
15:22:53.0536 5000 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:22:53.0552 5000 TCPIP6 - ok
15:22:53.0599 5000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:22:53.0599 5000 tcpipreg - ok
15:22:53.0614 5000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:22:53.0630 5000 TDPIPE - ok
15:22:53.0661 5000 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:22:53.0661 5000 TDTCP - ok
15:22:53.0692 5000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:22:53.0692 5000 tdx - ok
15:22:53.0723 5000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:22:53.0723 5000 TermDD - ok
15:22:53.0755 5000 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:22:53.0770 5000 TermService - ok
15:22:53.0801 5000 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:22:53.0801 5000 Themes - ok
15:22:53.0833 5000 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:22:53.0833 5000 THREADORDER - ok
15:22:53.0864 5000 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:22:53.0864 5000 TrkWks - ok
15:22:53.0911 5000 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:22:53.0911 5000 TrustedInstaller - ok
15:22:53.0957 5000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:22:53.0957 5000 tssecsrv - ok
15:22:53.0989 5000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:22:53.0989 5000 TsUsbFlt - ok
15:22:54.0051 5000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:22:54.0051 5000 tunnel - ok
15:22:54.0082 5000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:22:54.0098 5000 uagp35 - ok
15:22:54.0129 5000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:22:54.0129 5000 udfs - ok
15:22:54.0160 5000 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:22:54.0176 5000 UI0Detect - ok
15:22:54.0207 5000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:22:54.0207 5000 uliagpkx - ok
15:22:54.0269 5000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:22:54.0269 5000 umbus - ok
15:22:54.0316 5000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:22:54.0332 5000 UmPass - ok
15:22:54.0394 5000 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
15:22:54.0410 5000 Updater Service - ok
15:22:54.0425 5000 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:22:54.0441 5000 upnphost - ok
15:22:54.0472 5000 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:22:54.0472 5000 USBAAPL64 - ok
15:22:54.0503 5000 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:22:54.0503 5000 usbaudio - ok
15:22:54.0519 5000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:22:54.0535 5000 usbccgp - ok
15:22:54.0566 5000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:22:54.0566 5000 usbcir - ok
15:22:54.0613 5000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:22:54.0613 5000 usbehci - ok
15:22:54.0691 5000 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
15:22:54.0691 5000 UsbFltr - ok
15:22:54.0737 5000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:22:54.0737 5000 usbhub - ok
15:22:54.0753 5000 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:22:54.0753 5000 usbohci - ok
15:22:54.0784 5000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:22:54.0784 5000 usbprint - ok
15:22:54.0847 5000 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe
15:22:54.0862 5000 USBS3S4Detection - ok
15:22:54.0893 5000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:22:54.0909 5000 usbscan - ok
15:22:54.0925 5000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:22:54.0925 5000 USBSTOR - ok
15:22:54.0956 5000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:22:54.0956 5000 usbuhci - ok
15:22:54.0971 5000 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:22:54.0987 5000 UxSms - ok
15:22:55.0003 5000 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:22:55.0003 5000 VaultSvc - ok
15:22:55.0065 5000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:22:55.0065 5000 vdrvroot - ok
15:22:55.0112 5000 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:22:55.0127 5000 vds - ok
15:22:55.0143 5000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:22:55.0143 5000 vga - ok
15:22:55.0174 5000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:22:55.0190 5000 VgaSave - ok
15:22:55.0221 5000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:22:55.0221 5000 vhdmp - ok
15:22:55.0237 5000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:22:55.0237 5000 viaide - ok
15:22:55.0283 5000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:22:55.0283 5000 volmgr - ok
15:22:55.0330 5000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:22:55.0330 5000 volmgrx - ok
15:22:55.0377 5000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:22:55.0377 5000 volsnap - ok
15:22:55.0408 5000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:22:55.0424 5000 vsmraid - ok
15:22:55.0471 5000 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:22:55.0486 5000 VSS - ok
15:22:55.0517 5000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:22:55.0517 5000 vwifibus - ok
15:22:55.0564 5000 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:22:55.0580 5000 W32Time - ok
15:22:55.0595 5000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:22:55.0595 5000 WacomPen - ok
15:22:55.0627 5000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:22:55.0627 5000 WANARP - ok
15:22:55.0642 5000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:22:55.0642 5000 Wanarpv6 - ok
15:22:55.0705 5000 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:22:55.0720 5000 WatAdminSvc - ok
15:22:55.0767 5000 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:22:55.0783 5000 wbengine - ok
15:22:55.0783 5000 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:22:55.0798 5000 WbioSrvc - ok
15:22:55.0829 5000 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:22:55.0829 5000 wcncsvc - ok
15:22:55.0845 5000 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:22:55.0861 5000 WcsPlugInService - ok
15:22:55.0861 5000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:22:55.0876 5000 Wd - ok
15:22:55.0892 5000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:22:55.0892 5000 Wdf01000 - ok
15:22:55.0907 5000 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:22:55.0923 5000 WdiServiceHost - ok
15:22:55.0923 5000 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:22:55.0923 5000 WdiSystemHost - ok
15:22:55.0939 5000 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:22:55.0954 5000 WebClient - ok
15:22:55.0970 5000 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:22:55.0985 5000 Wecsvc - ok
15:22:56.0001 5000 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:22:56.0017 5000 wercplsupport - ok
15:22:56.0032 5000 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:22:56.0032 5000 WerSvc - ok
15:22:56.0048 5000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:22:56.0063 5000 WfpLwf - ok
15:22:56.0063 5000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:22:56.0079 5000 WIMMount - ok
15:22:56.0126 5000 WinDefend - ok
15:22:56.0141 5000 WinHttpAutoProxySvc - ok
15:22:56.0204 5000 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:22:56.0204 5000 Winmgmt - ok
15:22:56.0282 5000 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:22:56.0297 5000 WinRM - ok
15:22:56.0391 5000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:22:56.0391 5000 WinUsb - ok
15:22:56.0438 5000 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:22:56.0438 5000 Wlansvc - ok
15:22:56.0500 5000 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:22:56.0500 5000 wlcrasvc - ok
15:22:56.0578 5000 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:22:56.0609 5000 wlidsvc - ok
15:22:56.0656 5000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:22:56.0656 5000 WmiAcpi - ok
15:22:56.0672 5000 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:22:56.0672 5000 wmiApSrv - ok
15:22:56.0687 5000 WMPNetworkSvc - ok
15:22:56.0719 5000 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:22:56.0719 5000 WPCSvc - ok
15:22:56.0765 5000 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:22:56.0765 5000 WPDBusEnum - ok
15:22:56.0797 5000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:22:56.0797 5000 ws2ifsl - ok
15:22:56.0828 5000 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:22:56.0828 5000 wscsvc - ok
15:22:56.0843 5000 WSearch - ok
15:22:56.0921 5000 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:22:56.0953 5000 wuauserv - ok
15:22:56.0999 5000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:22:56.0999 5000 WudfPf - ok
15:22:57.0031 5000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:22:57.0031 5000 WUDFRd - ok
15:22:57.0062 5000 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:22:57.0077 5000 wudfsvc - ok
15:22:57.0093 5000 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:22:57.0093 5000 WwanSvc - ok
15:22:57.0109 5000 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
15:22:57.0140 5000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:22:57.0140 5000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:22:57.0171 5000 Boot (0x1200) (de740940ebe85d5e3a260c4506a575d5) \Device\Harddisk0\DR0\Partition0
15:22:57.0171 5000 \Device\Harddisk0\DR0\Partition0 - ok
15:22:57.0187 5000 Boot (0x1200) (3fe24942ba6e8a4e80cd976d09dac21a) \Device\Harddisk0\DR0\Partition1
15:22:57.0187 5000 \Device\Harddisk0\DR0\Partition1 - ok
15:22:57.0187 5000 ============================================================
15:22:57.0187 5000 Scan finished
15:22:57.0187 5000 ============================================================
15:22:57.0202 3448 Detected object count: 1
15:22:57.0202 3448 Actual detected object count: 1
15:23:20.0930 3448 \Device\Harddisk0\DR0\# - copied to quarantine
15:23:20.0945 3448 \Device\Harddisk0\DR0 - copied to quarantine
15:23:20.0977 3448 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:23:20.0977 3448 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:23:20.0977 3448 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:23:20.0977 3448 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:23:20.0992 3448 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:23:20.0992 3448 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:23:20.0992 3448 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:23:20.0992 3448 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:23:21.0008 3448 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:23:21.0008 3448 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:23:21.0008 3448 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:23:21.0008 3448 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:23:21.0008 3448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:23:21.0008 3448 \Device\Harddisk0\DR0 - ok
15:23:21.0320 3448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:23:31.0273 3332 Deinitialize success



#14 jjgt12

jjgt12
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 21 March 2012 - 03:33 PM

Google image search now works normally btw. The option to search with an image came back as well, as it was not there before running TDSSkiller.

Also Malwareantibytes popped up and blocked a malicous process: C:\WINDOWS\SCVHOST.EXE TROJAN.AGENT. It popped up as I used the image search.

Edited by jjgt12, 21 March 2012 - 03:34 PM.


#15 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:34 PM

Posted 21 March 2012 - 05:19 PM

Hi nginx,

Step 1

Please run a quick scan with MBAM again now.
Post the log in your reply.

Step 2

ESET Online Scanner: Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here. Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users