Google redirect issue


17 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 09 June 2012 - 05:34 PM

Greetings and salutations.

I am working on a friend's computer. She has a Dell laptop with Windows 7 on it. She was complaining of multiple "buy this antivirus" popups. I ran Malwarebytes Antimalware and Advanced System Care. ASC cleaned up a lot of "garbage" and Malwarebytes Antimalware found 148 problems. About 140 of them were "Pup.RewardsArcade" trojan files. I ran the program in safe mode and removed everything. Now when I run the program, it finds nothing. When I go to www.google.com and search anything, I get proper results. However, if I click on any of those results, the browser doesn't take me to the results page but rather another page. It's always different. Usually it's a page trying to sell me something. Sometimes, a 2nd tab opens up and goes to a 2nd page as well. I am using Google Chrome as a browser. What steps can I take next?


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 09 June 2012 - 05:43 PM

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (the log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here
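A TDSSKiller log runs to hundreds of near-identical lines, so a helper that pairs each enumerated object with its verdict and pulls out anything that is not "ok" or that lives outside the usual system folders saves the reader a lot of scrolling. The script below is an added example, not part of this thread and not Kaspersky's code; the sample log lines are constructed to match the per-object line format of TDSSKiller 2.7 logs, the "suspicious" verdict text and the ExampleSvc entry are made-up placeholders, and the "unusual path" rule is a triage heuristic of mine, not a detection.

```python
import re
from typing import Dict, List

# Two line shapes appear after "Scan started" in a TDSSKiller 2.7 log:
#   <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>   object enumerated
#   <hh:mm:ss.ffff> <pid> <name> - <verdict>       verdict for that object
# Names may contain spaces ("AMD External Events Utility"), so they are matched
# non-greedily up to the "(md5)" or " - " separator.
TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
ENTRY_RE = re.compile(
    rf"^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    rf"^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)

# Heuristic (my assumption, not a TDSSKiller feature): services and drivers that
# load from outside these folders deserve a second look in a redirect case.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample modelled on the log format; the last two lines are placeholders.
SAMPLE_LOG = r"""
23:12:37.0600 2852 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)
23:12:51.0937 3680 Scan started
23:12:51.0937 3680 Mode: Manual; TDLFS;
23:12:53.0543 3680 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:12:53.0559 3680 1394ohci - ok
23:12:54.0557 3680 AMD External Events Utility (8f6c0ff277dbfe5ebed24e3543da7bfa) C:\Windows\system32\atiesrxx.exe
23:12:54.0557 3680 AMD External Events Utility - ok
23:12:57.0989 3680 COMSysApp - ok
23:13:05.0571 3680 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:13:05.0587 3680 NisSrv - ok
23:13:09.0000 3680 ExampleSvc (00000000000000000000000000000000) C:\Users\Karen\AppData\Local\Temp\examplesvc.sys
23:13:09.0010 3680 ExampleSvc - suspicious (constructed verdict)
"""


def parse_tdsskiller_log(text: str) -> Dict[str, dict]:
    """Map object name -> {'md5', 'path', 'verdict'} for lines after 'Scan started'."""
    objects: Dict[str, dict] = {}
    scanning = False
    for line in text.splitlines():
        if "Scan started" in line:
            scanning = True
            continue
        if not scanning:
            # The header (system info, drive geometry, partition table) also uses
            # " - " in places, so it is skipped rather than mis-read as verdicts.
            continue
        m = ENTRY_RE.match(line)
        if m:
            objects.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return objects


def triage(objects: Dict[str, dict]) -> Dict[str, List[str]]:
    """Group object names by what a reviewer would want to see first."""
    report: Dict[str, List[str]] = {"not_ok": [], "no_verdict": [], "unusual_path": []}
    for name, info in sorted(objects.items()):
        verdict = info.get("verdict")
        if verdict is None:
            report["no_verdict"].append(name)        # enumerated but never judged
        elif verdict.lower() != "ok":
            report["not_ok"].append(name)            # anything TDSSKiller did not clear
        path = info.get("path")
        if path and not path.lower().startswith(EXPECTED_PREFIXES):
            report["unusual_path"].append(name)      # heuristic, see note above
    return report


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {names}")
    for name in triage(parsed)["not_ok"]:
        print(f"  {name}: {parsed[name]}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; a clean log yields empty not_ok and no_verdict lists, and the unusual_path list is only a prompt to look closer, not proof of infection.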

#3 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 10 June 2012 - 11:19 PM

I did forget to mention that this was Windows 7, 64 bit. I tried to run GMER even though your reply said that it would not work on a 64 bit OS. It did run and scan, so I will post the results. Here are the results from the 3 programs.

23:13:05.0743 3680 Npfs - ok
23:13:05.0774 3680 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:13:05.0774 3680 nsi - ok
23:13:05.0805 3680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:13:05.0821 3680 nsiproxy - ok
23:13:06.0616 3680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:13:06.0694 3680 Ntfs - ok
23:13:07.0381 3680 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:13:07.0381 3680 Null - ok
23:13:07.0474 3680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:13:07.0474 3680 nvraid - ok
23:13:07.0537 3680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:13:07.0537 3680 nvstor - ok
23:13:07.0615 3680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:13:07.0646 3680 nv_agp - ok
23:13:07.0833 3680 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:13:07.0849 3680 odserv - ok
23:13:07.0942 3680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:13:07.0973 3680 ohci1394 - ok
23:13:08.0051 3680 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:13:08.0051 3680 ose - ok
23:13:08.0114 3680 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:13:08.0129 3680 p2pimsvc - ok
23:13:08.0239 3680 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:13:08.0254 3680 p2psvc - ok
23:13:08.0332 3680 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:13:08.0363 3680 Parport - ok
23:13:08.0426 3680 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:13:08.0426 3680 partmgr - ok
23:13:08.0504 3680 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:13:08.0504 3680 PcaSvc - ok
23:13:08.0582 3680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:13:08.0582 3680 pci - ok
23:13:08.0722 3680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:13:08.0738 3680 pciide - ok
23:13:08.0753 3680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:13:08.0769 3680 pcmcia - ok
23:13:08.0800 3680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:13:08.0800 3680 pcw - ok
23:13:08.0941 3680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:13:08.0956 3680 PEAUTH - ok
23:13:09.0175 3680 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:13:09.0237 3680 PeerDistSvc - ok
23:13:09.0580 3680 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:13:09.0611 3680 PerfHost - ok
23:13:11.0764 3680 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:13:11.0827 3680 pla - ok
23:13:11.0905 3680 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:13:11.0905 3680 PlugPlay - ok
23:13:11.0951 3680 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:13:11.0951 3680 PNRPAutoReg - ok
23:13:12.0014 3680 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:13:12.0014 3680 PNRPsvc - ok
23:13:12.0123 3680 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:13:12.0154 3680 PolicyAgent - ok
23:13:12.0232 3680 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:13:12.0248 3680 Power - ok
23:13:12.0326 3680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:13:12.0341 3680 PptpMiniport - ok
23:13:12.0388 3680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:13:12.0388 3680 Processor - ok
23:13:12.0435 3680 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:13:12.0451 3680 ProfSvc - ok
23:13:12.0482 3680 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:12.0482 3680 ProtectedStorage - ok
23:13:12.0529 3680 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:13:12.0529 3680 Psched - ok
23:13:12.0716 3680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:13:12.0763 3680 ql2300 - ok
23:13:12.0903 3680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:13:12.0919 3680 ql40xx - ok
23:13:12.0981 3680 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:13:12.0997 3680 QWAVE - ok
23:13:13.0012 3680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:13:13.0012 3680 QWAVEdrv - ok
23:13:13.0028 3680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:13:13.0028 3680 RasAcd - ok
23:13:13.0059 3680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:13:13.0059 3680 RasAgileVpn - ok
23:13:13.0090 3680 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:13:13.0090 3680 RasAuto - ok
23:13:13.0137 3680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:13:13.0137 3680 Rasl2tp - ok
23:13:13.0199 3680 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:13:13.0231 3680 RasMan - ok
23:13:13.0293 3680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:13:13.0309 3680 RasPppoe - ok
23:13:13.0324 3680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:13:13.0324 3680 RasSstp - ok
23:13:13.0402 3680 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:13:13.0418 3680 rdbss - ok
23:13:13.0449 3680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:13:13.0449 3680 rdpbus - ok
23:13:13.0465 3680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:13:13.0465 3680 RDPCDD - ok
23:13:13.0496 3680 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:13:13.0511 3680 RDPDR - ok
23:13:13.0527 3680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:13:13.0527 3680 RDPENCDD - ok
23:13:13.0543 3680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:13:13.0543 3680 RDPREFMP - ok
23:13:13.0605 3680 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:13:13.0621 3680 RDPWD - ok
23:13:13.0683 3680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:13:13.0683 3680 rdyboost - ok
23:13:13.0761 3680 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:13:13.0777 3680 RemoteAccess - ok
23:13:13.0839 3680 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:13:13.0839 3680 RemoteRegistry - ok
23:13:13.0855 3680 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:13:13.0870 3680 RpcEptMapper - ok
23:13:13.0886 3680 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:13:13.0886 3680 RpcLocator - ok
23:13:13.0964 3680 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:13:13.0979 3680 RpcSs - ok
23:13:14.0011 3680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:13:14.0011 3680 rspndr - ok
23:13:14.0089 3680 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:13:14.0089 3680 RTL8167 - ok
23:13:14.0120 3680 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:13:14.0135 3680 s3cap - ok
23:13:14.0167 3680 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:14.0167 3680 SamSs - ok
23:13:14.0213 3680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:13:14.0229 3680 sbp2port - ok
23:13:14.0291 3680 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:13:14.0307 3680 SCardSvr - ok
23:13:14.0323 3680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:13:14.0323 3680 scfilter - ok
23:13:14.0463 3680 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:13:14.0494 3680 Schedule - ok
23:13:14.0525 3680 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:13:14.0525 3680 SCPolicySvc - ok
23:13:14.0588 3680 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:13:14.0603 3680 SDRSVC - ok
23:13:14.0681 3680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:13:14.0697 3680 secdrv - ok
23:13:14.0728 3680 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:13:14.0728 3680 seclogon - ok
23:13:14.0759 3680 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:13:14.0759 3680 SENS - ok
23:13:14.0791 3680 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:13:14.0791 3680 SensrSvc - ok
23:13:14.0806 3680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:13:14.0822 3680 Serenum - ok
23:13:14.0837 3680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:13:14.0837 3680 Serial - ok
23:13:14.0900 3680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:13:14.0931 3680 sermouse - ok
23:13:14.0993 3680 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:13:15.0009 3680 SessionEnv - ok
23:13:15.0040 3680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:13:15.0040 3680 sffdisk - ok
23:13:15.0056 3680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:13:15.0056 3680 sffp_mmc - ok
23:13:15.0087 3680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:13:15.0087 3680 sffp_sd - ok
23:13:15.0087 3680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:13:15.0087 3680 sfloppy - ok
23:13:15.0149 3680 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:13:15.0165 3680 ShellHWDetection - ok
23:13:15.0212 3680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:13:15.0212 3680 SiSRaid2 - ok
23:13:15.0227 3680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:13:15.0243 3680 SiSRaid4 - ok
23:13:15.0243 3680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:13:15.0259 3680 Smb - ok
23:13:15.0305 3680 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:13:15.0305 3680 SNMPTRAP - ok
23:13:15.0321 3680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:13:15.0321 3680 spldr - ok
23:13:15.0430 3680 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:13:15.0446 3680 Spooler - ok
23:13:15.0773 3680 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:13:15.0883 3680 sppsvc - ok
23:13:16.0023 3680 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:13:16.0023 3680 sppuinotify - ok
23:13:16.0101 3680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:13:16.0117 3680 srv - ok
23:13:16.0179 3680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:13:16.0195 3680 srv2 - ok
23:13:16.0226 3680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:13:16.0241 3680 srvnet - ok
23:13:16.0273 3680 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:13:16.0288 3680 SSDPSRV - ok
23:13:16.0304 3680 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:13:16.0304 3680 SstpSvc - ok
23:13:16.0397 3680 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
23:13:16.0413 3680 STacSV - ok
23:13:16.0444 3680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:13:16.0444 3680 stexstor - ok
23:13:16.0522 3680 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
23:13:16.0538 3680 STHDA - ok
23:13:16.0631 3680 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:13:16.0647 3680 stisvc - ok
23:13:16.0678 3680 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:13:16.0678 3680 storflt - ok
23:13:16.0709 3680 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:13:16.0709 3680 StorSvc - ok
23:13:16.0725 3680 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:13:16.0725 3680 storvsc - ok
23:13:16.0756 3680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:13:16.0756 3680 swenum - ok
23:13:16.0834 3680 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:13:16.0850 3680 swprv - ok
23:13:16.0897 3680 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
23:13:16.0912 3680 SynTP - ok
23:13:17.0099 3680 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:13:17.0146 3680 SysMain - ok
23:13:17.0318 3680 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:13:17.0349 3680 TabletInputService - ok
23:13:17.0411 3680 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:13:17.0427 3680 TapiSrv - ok
23:13:17.0458 3680 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:13:17.0474 3680 TBS - ok
23:13:17.0692 3680 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:13:17.0739 3680 Tcpip - ok
23:13:18.0051 3680 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:13:18.0067 3680 TCPIP6 - ok
23:13:18.0207 3680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:13:18.0223 3680 tcpipreg - ok
23:13:18.0285 3680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:13:18.0285 3680 TDPIPE - ok
23:13:18.0347 3680 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:13:18.0363 3680 TDTCP - ok
23:13:18.0581 3680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:13:18.0613 3680 tdx - ok
23:13:18.0784 3680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:13:18.0784 3680 TermDD - ok
23:13:19.0564 3680 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:13:19.0611 3680 TermService - ok
23:13:19.0720 3680 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:13:19.0736 3680 Themes - ok
23:13:19.0798 3680 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:13:19.0798 3680 THREADORDER - ok
23:13:20.0126 3680 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
23:13:20.0126 3680 tmactmon - ok
23:13:20.0453 3680 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
23:13:20.0469 3680 tmcomm - ok
23:13:20.0594 3680 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
23:13:20.0594 3680 tmevtmgr - ok
23:13:20.0703 3680 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
23:13:20.0703 3680 tmtdi - ok
23:13:21.0077 3680 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:13:21.0124 3680 TrkWks - ok
23:13:21.0686 3680 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:13:21.0733 3680 TrustedInstaller - ok
23:13:21.0857 3680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:13:21.0889 3680 tssecsrv - ok
23:13:21.0935 3680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:13:21.0935 3680 TsUsbFlt - ok
23:13:22.0232 3680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:13:22.0263 3680 tunnel - ok
23:13:22.0403 3680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:13:22.0435 3680 uagp35 - ok
23:13:23.0043 3680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:13:23.0121 3680 udfs - ok
23:13:23.0246 3680 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:13:23.0246 3680 UI0Detect - ok
23:13:23.0386 3680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:13:23.0417 3680 uliagpkx - ok
23:13:23.0558 3680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:13:23.0589 3680 umbus - ok
23:13:23.0636 3680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:13:23.0636 3680 UmPass - ok
23:13:23.0839 3680 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:13:23.0870 3680 UmRdpService - ok
23:13:23.0979 3680 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:13:24.0026 3680 upnphost - ok
23:13:24.0104 3680 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:13:24.0104 3680 USBAAPL64 - ok
23:13:24.0229 3680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:13:24.0260 3680 usbccgp - ok
23:13:24.0322 3680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:13:24.0322 3680 usbcir - ok
23:13:24.0385 3680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:13:24.0385 3680 usbehci - ok
23:13:24.0509 3680 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
23:13:24.0509 3680 usbfilter - ok
23:13:24.0619 3680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:13:24.0619 3680 usbhub - ok
23:13:24.0759 3680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:13:24.0759 3680 usbohci - ok
23:13:24.0868 3680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:13:24.0868 3680 usbprint - ok
23:13:24.0977 3680 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:13:24.0977 3680 usbscan - ok
23:13:25.0180 3680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:13:25.0180 3680 USBSTOR - ok
23:13:25.0289 3680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:13:25.0289 3680 usbuhci - ok
23:13:25.0664 3680 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:13:25.0695 3680 usbvideo - ok
23:13:25.0820 3680 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:13:25.0835 3680 UxSms - ok
23:13:25.0929 3680 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:13:25.0929 3680 VaultSvc - ok
23:13:26.0023 3680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:13:26.0023 3680 vdrvroot - ok
23:13:26.0210 3680 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:13:26.0225 3680 vds - ok
23:13:26.0335 3680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:13:26.0366 3680 vga - ok
23:13:26.0491 3680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:13:26.0491 3680 VgaSave - ok
23:13:26.0600 3680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:13:26.0600 3680 vhdmp - ok
23:13:26.0631 3680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:13:26.0631 3680 viaide - ok
23:13:27.0021 3680 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:13:27.0052 3680 vmbus - ok
23:13:27.0130 3680 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:13:27.0146 3680 VMBusHID - ok
23:13:27.0317 3680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:13:27.0317 3680 volmgr - ok
23:13:28.0004 3680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:13:28.0051 3680 volmgrx - ok
23:13:28.0300 3680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:13:28.0316 3680 volsnap - ok
23:13:28.0643 3680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:13:28.0675 3680 vsmraid - ok
23:13:29.0673 3680 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:13:29.0767 3680 VSS - ok
23:13:30.0874 3680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:13:30.0874 3680 vwifibus - ok
23:13:30.0999 3680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:13:31.0077 3680 vwififlt - ok
23:13:31.0358 3680 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:13:31.0405 3680 W32Time - ok
23:13:31.0514 3680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:13:31.0529 3680 WacomPen - ok
23:13:31.0826 3680 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:13:31.0857 3680 WANARP - ok
23:13:31.0873 3680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:13:31.0873 3680 Wanarpv6 - ok
23:13:32.0185 3680 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:13:32.0263 3680 WatAdminSvc - ok
23:13:32.0559 3680 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:13:32.0590 3680 wbengine - ok
23:13:32.0871 3680 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:13:32.0887 3680 WbioSrvc - ok
23:13:32.0980 3680 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:13:32.0996 3680 wcncsvc - ok
23:13:33.0027 3680 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:13:33.0027 3680 WcsPlugInService - ok
23:13:33.0105 3680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:13:33.0105 3680 Wd - ok
23:13:33.0214 3680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:13:33.0230 3680 Wdf01000 - ok
23:13:33.0277 3680 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:13:33.0308 3680 WdiServiceHost - ok
23:13:33.0308 3680 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:13:33.0324 3680 WdiSystemHost - ok
23:13:33.0370 3680 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:13:33.0386 3680 WebClient - ok
23:13:33.0464 3680 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:13:33.0464 3680 Wecsvc - ok
23:13:33.0495 3680 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:13:33.0495 3680 wercplsupport - ok
23:13:33.0526 3680 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:13:33.0542 3680 WerSvc - ok
23:13:33.0620 3680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:13:33.0620 3680 WfpLwf - ok
23:13:33.0667 3680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:13:33.0667 3680 WIMMount - ok
23:13:33.0667 3680 WinHttpAutoProxySvc - ok
23:13:33.0776 3680 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:13:33.0792 3680 Winmgmt - ok
23:13:34.0026 3680 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:13:34.0088 3680 WinRM - ok
23:13:34.0416 3680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:13:34.0462 3680 WinUsb - ok
23:13:34.0572 3680 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:13:34.0618 3680 Wlansvc - ok
23:13:34.0821 3680 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
23:13:34.0821 3680 wltrysvc - ok
23:13:34.0868 3680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:13:34.0868 3680 WmiAcpi - ok
23:13:34.0962 3680 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:13:34.0962 3680 wmiApSrv - ok
23:13:35.0086 3680 WMPNetworkSvc - ok
23:13:35.0149 3680 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:13:35.0149 3680 WPCSvc - ok
23:13:35.0196 3680 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:13:35.0196 3680 WPDBusEnum - ok
23:13:35.0227 3680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:13:35.0227 3680 ws2ifsl - ok
23:13:35.0227 3680 WSearch - ok
23:13:35.0788 3680 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:13:35.0882 3680 wuauserv - ok
23:13:36.0646 3680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:13:36.0646 3680 WudfPf - ok
23:13:36.0693 3680 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:13:36.0693 3680 WUDFRd - ok
23:13:36.0724 3680 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:13:36.0724 3680 wudfsvc - ok
23:13:36.0771 3680 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:13:36.0802 3680 WwanSvc - ok
23:13:36.0834 3680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:13:37.0707 3680 \Device\Harddisk0\DR0 - ok
23:13:37.0707 3680 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
23:13:37.0863 3680 \Device\Harddisk1\DR1 - ok
23:13:37.0894 3680 Boot (0x1200) (3c746602694f212dcd5b0871a1557c6f) \Device\Harddisk0\DR0\Partition0
23:13:37.0894 3680 \Device\Harddisk0\DR0\Partition0 - ok
23:13:37.0926 3680 Boot (0x1200) (76df8ad0c07809c55b9353167bf65970) \Device\Harddisk0\DR0\Partition1
23:13:37.0926 3680 \Device\Harddisk0\DR0\Partition1 - ok
23:13:37.0926 3680 Boot (0x1200) (f9910ab0934c6d7f1758a0cc6ebe1b3e) \Device\Harddisk1\DR1\Partition0
23:13:37.0926 3680 \Device\Harddisk1\DR1\Partition0 - ok
23:13:37.0926 3680 ============================================================
23:13:37.0926 3680 Scan finished
23:13:37.0926 3680 ============================================================
23:13:37.0941 2620 Detected object count: 0
23:13:37.0941 2620 Actual detected object count: 0

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-10 23:43:37
Windows 6.1.7601 Service Pack 1
Running: b49n3yd8.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z19EWZX\ebBanner_2_5_2_1[1].js 178253 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z19EWZX\emily[1].htm 11932 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z19EWZX\emily[3].htm 11932 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z19EWZX\ads_tfChina[3].js 7759 bytes

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 23:43:49
-----------------------------
23:43:49.205 OS Version: Windows x64 6.1.7601 Service Pack 1
23:43:49.205 Number of processors: 3 586 0x503
23:43:49.205 ComputerName: KAREN-PC UserName: Karen
23:43:53.194 Initialize success
23:45:01.153 AVAST engine defs: 12061001
23:48:23.283 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:48:23.286 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 11
23:48:23.299 Disk 0 MBR read successfully
23:48:23.301 Disk 0 MBR scan
23:48:23.305 Disk 0 Windows 7 default MBR code
23:48:23.308 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:48:23.322 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
23:48:23.349 Disk 0 scanning C:\Windows\system32\drivers
23:48:34.077 Service scanning
23:49:03.919 Modules scanning
23:49:03.919 Disk 0 trace - called modules:
23:49:03.935 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:49:03.935 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004878060]
23:49:03.950 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047e9060]
23:49:06.694 AVAST engine scan C:\Windows
23:49:09.528 AVAST engine scan C:\Windows\system32
23:50:57.703 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:51:00.241 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:51:51.721 AVAST engine scan C:\Windows\system32\drivers
23:52:04.327 AVAST engine scan C:\Users\Karen
23:57:52.430 File: C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\21cb4deb-5fbe339f **INFECTED** Win32:Carberp-AHS [Trj]
00:02:34.968 AVAST engine scan C:\ProgramData
00:04:35.479 Scan finished successfully
00:14:54.582 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
00:14:54.597 The log file has been saved successfully to "E:\aswMBR.txt"

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 10 June 2012 - 11:51 PM

Please post the Malwarebytes log here.

Download

Farbar Service Scanner

Launch it, type services.exe in the search box and click on search files.

Post the generated log.

Download

ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 10 June 2012 - 11:53 PM.


#5 mercuryrsng

  • Topic Starter
  • Members
  • 298 posts
  • Local time:10:30 AM

Posted 13 June 2012 - 10:51 PM

The Malwarebytes scan doesn't find anything anymore. I tried to look back in the history and see if the log was still there from the first scan, but it wasn't. Is there any way to retrieve it? Here are the other results.

Farbar Service Scanner Version: 09-06-2012
Ran by Karen (administrator) on 13-06-2012 at 22:39:33
Microsoft Windows 7 Professional Service Pack 1 (X64)

************************************************
======== Search: "services.exe" =========

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation)

====== End Of Search ======

C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\21cb4deb-5fbe339f a variant of Win32/Injector.SBM trojan cleaned by deleting - quarantined
C:\Users\Karen\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\Karen\FoxTabFLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F application cleaned by deleting - quarantined
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

MiniToolBox by Farbar Version: 09-06-2012
Ran by Karen (administrator) on 13-06-2012 at 23:47:10
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Karen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
Physical Address. . . . . . . . . : 1C-65-9D-5D-01-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 1C-65-9D-5D-01-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::39b4:1761:ea2a:3ece%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 13, 2012 10:31:03 PM
Lease Expires . . . . . . . . . . : Thursday, June 14, 2012 10:31:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 303850909
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E8-23-6E-F0-4D-A2-92-10-78
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{DC78C1FD-846F-455D-8F81-B0F3A70A73DC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{545BE5C9-341C-435C-8ACE-8DFE834FED79}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.228.97] with 32 bytes of data:
Reply from 74.125.228.97: bytes=32 time=27ms TTL=51
Reply from 74.125.228.97: bytes=32 time=20ms TTL=51

Ping statistics for 74.125.228.97:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 27ms, Average = 23ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=92ms TTL=49
Reply from 72.30.38.140: bytes=32 time=92ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 92ms, Average = 92ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...1c 65 9d 5d 01 c3 ......Broadcom Virtual Wireless Adapter
11...1c 65 9d 5d 01 c3 ......DW1501 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.40 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.40 281
192.168.1.40 255.255.255.255 On-link 192.168.1.40 281
192.168.1.255 255.255.255.255 On-link 192.168.1.40 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.40 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.40 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::39b4:1761:ea2a:3ece/128 On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/13/2012 10:56:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2012 10:56:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2012 10:38:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2012 10:38:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 00:33:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 743438

Error: (06/09/2012 00:33:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 743438

Error: (06/09/2012 00:33:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/09/2012 00:21:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1201

Error: (06/09/2012 00:21:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1201

Error: (06/09/2012 00:21:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/13/2012 10:31:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/13/2012 10:31:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/10/2012 11:10:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/10/2012 11:10:30 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/09/2012 06:08:45 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/09/2012 06:08:45 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/09/2012 00:33:59 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/09/2012 00:33:59 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/09/2012 10:48:25 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/09/2012 10:31:53 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced SystemCare 5 (Version: 5.3.0)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.762.0)
Bonjour (Version: 3.0.0.10)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Full Existing (Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Full New (Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Light (Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Previews Common (Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0113.2208.39662)
Catalyst Control Center InstallProxy (Version: 2010.0113.2208.39662)
Catalyst Control Center Localization All (Version: 2010.0113.2208.39662)
ccc-core-static (Version: 2010.0113.2208.39662)
ccc-utility64 (Version: 2010.0113.2208.39662)
CCC Help Chinese Standard (Version: 2010.0113.2207.39662)
CCC Help Chinese Traditional (Version: 2010.0113.2207.39662)
CCC Help Czech (Version: 2010.0113.2207.39662)
CCC Help Danish (Version: 2010.0113.2207.39662)
CCC Help Dutch (Version: 2010.0113.2207.39662)
CCC Help English (Version: 2010.0113.2207.39662)
CCC Help Finnish (Version: 2010.0113.2207.39662)
CCC Help French (Version: 2010.0113.2207.39662)
CCC Help German (Version: 2010.0113.2207.39662)
CCC Help Greek (Version: 2010.0113.2207.39662)
CCC Help Hungarian (Version: 2010.0113.2207.39662)
CCC Help Italian (Version: 2010.0113.2207.39662)
CCC Help Japanese (Version: 2010.0113.2207.39662)
CCC Help Korean (Version: 2010.0113.2207.39662)
CCC Help Norwegian (Version: 2010.0113.2207.39662)
CCC Help Polish (Version: 2010.0113.2207.39662)
CCC Help Portuguese (Version: 2010.0113.2207.39662)
CCC Help Russian (Version: 2010.0113.2207.39662)
CCC Help Spanish (Version: 2010.0113.2207.39662)
CCC Help Swedish (Version: 2010.0113.2207.39662)
CCC Help Thai (Version: 2010.0113.2207.39662)
CCC Help Turkish (Version: 2010.0113.2207.39662)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Dell Resource CD (Version: 1.00.0000)
DW WLAN Card Utility (Version: 5.60.48.18)
ESET Online Scanner v3
FoxTab Media Player
Google Chrome (Version: 19.0.1084.56)
iCloud (Version: 1.1.0.40)
IDT Audio (Version: 1.0.6267.0)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Netwaiting (Version: 2.5.59)
Quickset64 (Version: 10.5.0)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.13.112.2010)
Road Runner Toolbar (Version: 6.5.2.8)
Safari (Version: 5.34.55.3)
Synaptics Pointing Device Driver (Version: 15.0.0.1)
Trend Micro Titanium (Version: 3.1.1109)
Trend Micro™ Titanium™ (Version: 3.00)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update Manager (Version: 4.60)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3835.93 MB
Available physical RAM: 2261.86 MB
Total Pagefile: 7670.04 MB
Available Pagefile: 5896.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:415.39 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:14.53 GB) (Free:8.34 GB) FAT32

========================= Users: ========================================

User accounts for \\KAREN-PC

Administrator Guest Karen


**** End of log ****

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 13 June 2012 - 11:01 PM

Download

System look

Launch it, copy this script and paste it in the search BOX

:folderfind
{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}

Click on LOOK, post the generated log

#7 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 14 June 2012 - 10:06 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:57 on 14/06/2012 by Karen
Administrator - Elevation successful

========== folderfind ==========

Searching for "{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}"
C:\Users\Karen\AppData\Local\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a} d--hs-- [03:01 11/01/2012]
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a} d--hs-- [03:01 11/01/2012]

-= EOF =-

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 14 June 2012 - 10:11 PM

Update Malwarebytes and run it once again. Please post the log here

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Karen\AppData\Local
delete this folder - {2490c966-34a5-635d-e8a5-4ceb9e6ad55a}

C:\Windows\Installer
delete this folder - {2490c966-34a5-635d-e8a5-4ceb9e6ad55a}

Now, launch SystemLook again, copy this script and paste it in the BOX

:folderfind 
{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}

Click on LOOK, post the generated log


Click on startmenu and type

cmd

Right-click on it, select Run as administrator and run this command

netsh winsock reset

Press ENTER

Now launch mini toolbox and check mark

List winsock entries


Click on GO and post the generated log

Edited by narenxp, 14 June 2012 - 10:15 PM.


#9 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 June 2012 - 11:40 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

Protection: Enabled

6/15/2012 12:11:46 PM
mbam-log-2012-06-15 (12-11-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202350
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

SystemLook 30.07.11 by jpshortstuff
Log created at 12:24 on 15/06/2012 by Karen
Administrator - Elevation successful

========== folderfind ==========

Searching for "{2490c966-34a5-635d-e8a5-4ceb9e6ad55a}"
No folders found.

-= EOF =-

MiniToolBox by Farbar Version: 09-06-2012
Ran by Karen (administrator) on 15-06-2012 at 12:38:35
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

#10 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 June 2012 - 11:42 AM

CAPS LOCK SO THIS STANDS OUT. AFTER THE WINSOCK RESET, THE WINDOW TOLD ME TO RESTART. YOU DIDN'T, SO I RAN MINI TOOLBOX WITHOUT RESTARTING. I RESTARTED AND THEN RE-RAN MINI TOOLBOX. I HAVE POSTED BOTH RESULTS...

#11 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 June 2012 - 11:43 AM

MiniToolBox by Farbar Version: 09-06-2012
Ran by Karen (administrator) on 15-06-2012 at 12:42:41
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****
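As an added example (not code from this thread, from MiniToolBox or from narenxp), here is a small Python checker for the "Winsock entries" section that the procedure in post #8 relies on: it parses the catalog lines, attaches each ATTENTION hint to the entry it refers to, and diffs a run taken before netsh winsock reset against one taken afterwards. The sample logs are constructed from the entries posted above, and the line layout the regexes expect is an assumption read off those lines, not a documented MiniToolBox format; on this input the Catalog9 protocol entries come back as restored while Catalog5 01 and 05 are still flagged, which is what the posted before/after logs show.

```python
"""Flag unresolved Winsock catalog entries in a MiniToolBox log and diff two runs.

Added example for this thread; not MiniToolBox, Farbar or narenxp code. The line
layout ``Catalog5 01 <path> [<size>|File Not found] (<company>)`` is assumed."""
import re
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog(?:5|9))\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>[^\]]*)\]\s+\((?P<company>[^)]*)\)\s*$"
)
ATTENTION_RE = re.compile(
    r'^ATTENTION: The LibraryPath should be\s+"?(?P<expected>[^"]+?)"?\s*$'
)

@dataclass(frozen=True)
class WinsockEntry:
    catalog: str            # Catalog5 = namespace providers, Catalog9 = protocol chain
    index: int
    path: str
    size: Optional[int]     # None when MiniToolBox printed "File Not found"
    company: str
    expected: Optional[str] = None   # path from the ATTENTION hint, if one followed

    @property
    def key(self) -> Tuple[str, int]:
        return (self.catalog, self.index)

    @property
    def resolved(self) -> bool:
        return self.size is not None

def parse_winsock_section(text: str) -> List[WinsockEntry]:
    """Parse catalog lines; an ATTENTION hint is attached to the entry just before it."""
    entries: List[WinsockEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            size = m.group("size")
            entries.append(WinsockEntry(
                catalog=m.group("catalog"), index=int(m.group("index")),
                path=m.group("path"),
                size=int(size) if size.isdigit() else None,
                company=m.group("company")))
            continue
        a = ATTENTION_RE.match(line)
        if a and entries:
            entries[-1] = replace(entries[-1], expected=a.group("expected"))
    return entries

def unresolved(entries: List[WinsockEntry]) -> List[WinsockEntry]:
    """Entries whose provider DLL MiniToolBox could not locate on disk."""
    return [e for e in entries if not e.resolved]

def compare(before: List[WinsockEntry],
            after: List[WinsockEntry]) -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    """Return (entries fixed by the reset, entries still unresolved afterwards)."""
    after_map = {e.key: e for e in after}
    fixed = sorted(e.key for e in before
                   if not e.resolved and e.key in after_map and after_map[e.key].resolved)
    still = sorted(e.key for e in after if not e.resolved)
    return fixed, still

# Constructed samples, trimmed from the two MiniToolBox logs posted in this thread
# (before, and after "netsh winsock reset" plus a restart).
BEFORE_LOG = r"""
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 01 mswsock.dll [File Not found] ()
"""
AFTER_LOG = r"""
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
"""

if __name__ == "__main__":
    before, after = parse_winsock_section(BEFORE_LOG), parse_winsock_section(AFTER_LOG)
    for e in unresolved(before):
        print(f"before: {e.catalog} {e.index:02d} {e.path} -> expected {e.expected}")
    fixed, still = compare(before, after)
    print("restored by reset:", fixed, "| still unresolved:", still)
```

To check a real log, paste the whole "Winsock entries" section into the two string constants; lines that do not match the catalog layout are ignored.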

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 15 June 2012 - 11:48 AM

Can you please re-run aswMBR and post the log

#13 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 June 2012 - 10:10 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 22:38:02
-----------------------------
22:38:02.252 OS Version: Windows x64 6.1.7601 Service Pack 1
22:38:02.252 Number of processors: 3 586 0x503
22:38:02.252 ComputerName: KAREN-PC UserName: Karen
22:38:04.592 Initialize success
22:39:09.984 AVAST engine defs: 12061501
22:39:32.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:39:32.729 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 11
22:39:32.745 Disk 0 MBR read successfully
22:39:32.745 Disk 0 MBR scan
22:39:32.760 Disk 0 Windows 7 default MBR code
22:39:32.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:39:32.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:39:32.792 Disk 0 scanning C:\Windows\system32\drivers
22:39:44.679 Service scanning
22:40:15.941 Modules scanning
22:40:15.957 Disk 0 trace - called modules:
22:40:16.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:40:16.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487b6f0]
22:40:16.019 3 CLASSPNP.SYS[fffff880019ac43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047ea060]
22:40:17.782 AVAST engine scan C:\Windows
22:40:20.294 AVAST engine scan C:\Windows\system32
22:42:53.236 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:42:56.824 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:44:11.439 AVAST engine scan C:\Windows\system32\drivers
22:44:31.095 AVAST engine scan C:\Users\Karen
22:55:41.384 AVAST engine scan C:\ProgramData
22:57:30.600 Scan finished successfully
23:09:13.677 Disk 0 MBR has been saved successfully to "E:\Karen\MBR.dat"
23:09:13.755 The log file has been saved successfully to "E:\Karen\aswMBR.txt"

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:30 AM

Posted 15 June 2012 - 10:45 PM

Press the Windows+R keys and type

notepad and click OK

Now copy this script
@echo off
del /f /s /q "C:\Windows\assembly\GAC_32\Desktop.ini"
del /f /s /q "C:\Windows\assembly\GAC_64\Desktop.ini"
del %0

Save it as

filename: remove.bat
Save as type: All types

Right-click on the .bat file and run as administrator

Now post the new aswmbr log

#15 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 June 2012 - 11:15 PM

The .bat file ran and it appeared to work, but aswMBR still finds those 2 files.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 00:03:43
-----------------------------
00:03:43.640 OS Version: Windows x64 6.1.7601 Service Pack 1
00:03:43.640 Number of processors: 3 586 0x503
00:03:43.640 ComputerName: KAREN-PC UserName: Karen
00:03:45.933 Initialize success
00:03:52.984 AVAST engine defs: 12061501
00:03:57.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:03:57.462 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 11
00:03:57.571 Disk 0 MBR read successfully
00:03:57.571 Disk 0 MBR scan
00:03:57.571 Disk 0 Windows 7 default MBR code
00:03:57.586 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:03:57.602 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
00:03:57.649 Disk 0 scanning C:\Windows\system32\drivers
00:04:17.102 Service scanning
00:04:51.375 Modules scanning
00:04:51.375 Disk 0 trace - called modules:
00:04:51.391 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:04:51.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487b6f0]
00:04:51.407 3 CLASSPNP.SYS[fffff880019ac43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047ea060]
00:04:54.246 AVAST engine scan C:\Windows
00:05:55.710 AVAST engine scan C:\Windows\system32
00:07:56.439 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:07:58.825 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:08:56.701 AVAST engine scan C:\Windows\system32\drivers
00:09:11.209 AVAST engine scan C:\Users\Karen
00:14:51.571 Disk 0 MBR has been saved successfully to "E:\Karen\MBR.dat"
00:14:51.664 The log file has been saved successfully to "E:\Karen\aswMBR.txt"



