infected trojandropper & others


5 replies to this topic

#1 frank1927

Posted 10 June 2012 - 10:38 AM

I must have been somewhere I shouldn't have been. I picked up a few trojans/malware.
Adobe Flash Player installer 11.3 keeps popping up. If I accept, a ping.exe*32 appears in Task Manager. If I ignore, then the installer keeps popping up.
I ran Malwarebytes & it showed trojandropper.bcminer. It reappears after removal & reboot.
I ran Sophos virus removal & it showed troj/sirefef-ap. It too reappears after removal & reboot.
I ran ESET & found the following:

C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RDSCHBE.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RFPP3L7.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RLXGX8R.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

Help!
-frank

Edited by hamluis, 10 June 2012 - 11:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 narenxp

Posted 10 June 2012 - 11:31 AM

Rerun Malwarebytes and post the new log.

Download TDSSkiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download MiniToolBox.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 10 June 2012 - 11:32 AM.


#3 frank1927

Posted 10 June 2012 - 12:26 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frank :: FRANK-HP [administrator]

6/10/2012 12:55:51 PM
mbam-log-2012-06-10 (12-55-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209538
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Kaspersky TDSSkiller - no threats found

13:00:17.0305 10756 Mup - ok
13:00:17.0334 10756 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:00:17.0338 10756 napagent - ok
13:00:17.0359 10756 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:00:17.0362 10756 NativeWifiP - ok
13:00:17.0449 10756 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.018\ENG64.SYS
13:00:17.0450 10756 NAVENG - ok
13:00:17.0505 10756 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.018\EX64.SYS
13:00:17.0516 10756 NAVEX15 - ok
13:00:17.0628 10756 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:00:17.0636 10756 NDIS - ok
13:00:17.0659 10756 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:00:17.0660 10756 NdisCap - ok
13:00:17.0678 10756 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:00:17.0679 10756 NdisTapi - ok
13:00:17.0723 10756 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:00:17.0724 10756 Ndisuio - ok
13:00:17.0756 10756 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:00:17.0758 10756 NdisWan - ok
13:00:17.0789 10756 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:00:17.0790 10756 NDProxy - ok
13:00:17.0801 10756 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:00:17.0802 10756 NetBIOS - ok
13:00:17.0818 10756 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:00:17.0820 10756 NetBT - ok
13:00:17.0842 10756 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:00:17.0843 10756 Netlogon - ok
13:00:17.0868 10756 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:00:17.0871 10756 Netman - ok
13:00:17.0953 10756 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:00:17.0954 10756 NetMsmqActivator - ok
13:00:17.0957 10756 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:00:17.0958 10756 NetPipeActivator - ok
13:00:17.0980 10756 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:00:17.0986 10756 netprofm - ok
13:00:17.0990 10756 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:00:17.0991 10756 NetTcpActivator - ok
13:00:17.0995 10756 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:00:17.0996 10756 NetTcpPortSharing - ok
13:00:18.0039 10756 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:00:18.0040 10756 nfrd960 - ok
13:00:18.0118 10756 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
13:00:18.0118 10756 NIS - ok
13:00:18.0132 10756 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:00:18.0135 10756 NlaSvc - ok
13:00:18.0242 10756 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
13:00:18.0257 10756 NOBU - ok
13:00:18.0330 10756 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\DRIVERS\npf.sys
13:00:18.0331 10756 NPF - ok
13:00:18.0345 10756 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:00:18.0346 10756 Npfs - ok
13:00:18.0363 10756 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:00:18.0364 10756 nsi - ok
13:00:18.0370 10756 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:00:18.0371 10756 nsiproxy - ok
13:00:18.0430 10756 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:00:18.0467 10756 Ntfs - ok
13:00:18.0530 10756 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:00:18.0530 10756 Null - ok
13:00:18.0565 10756 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:00:18.0567 10756 nvraid - ok
13:00:18.0584 10756 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:00:18.0587 10756 nvstor - ok
13:00:18.0605 10756 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:00:18.0606 10756 nv_agp - ok
13:00:18.0628 10756 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:00:18.0629 10756 ohci1394 - ok
13:00:18.0699 10756 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:00:18.0700 10756 ose - ok
13:00:18.0846 10756 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:00:18.0868 10756 osppsvc - ok
13:00:18.0945 10756 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:00:18.0948 10756 p2pimsvc - ok
13:00:18.0970 10756 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:00:18.0974 10756 p2psvc - ok
13:00:19.0018 10756 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:00:19.0020 10756 Parport - ok
13:00:19.0039 10756 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:00:19.0040 10756 partmgr - ok
13:00:19.0050 10756 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:00:19.0051 10756 PcaSvc - ok
13:00:19.0064 10756 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:00:19.0066 10756 pci - ok
13:00:19.0083 10756 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:00:19.0084 10756 pciide - ok
13:00:19.0102 10756 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:00:19.0105 10756 pcmcia - ok
13:00:19.0125 10756 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:00:19.0125 10756 pcw - ok
13:00:19.0157 10756 pdfcDispatcher - ok
13:00:19.0182 10756 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:00:19.0188 10756 PEAUTH - ok
13:00:19.0250 10756 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:00:19.0251 10756 PerfHost - ok
13:00:19.0504 10756 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE
13:00:19.0506 10756 PEVSystemStart - ok
13:00:19.0594 10756 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:00:19.0617 10756 pla - ok
13:00:19.0655 10756 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:00:19.0659 10756 PlugPlay - ok
13:00:19.0673 10756 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:00:19.0674 10756 PNRPAutoReg - ok
13:00:19.0698 10756 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:00:19.0700 10756 PNRPsvc - ok
13:00:19.0729 10756 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:00:19.0733 10756 PolicyAgent - ok
13:00:19.0756 10756 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:00:19.0757 10756 Power - ok
13:00:19.0788 10756 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:00:19.0789 10756 PptpMiniport - ok
13:00:19.0806 10756 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:00:19.0808 10756 Processor - ok
13:00:19.0829 10756 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:00:19.0832 10756 ProfSvc - ok
13:00:19.0856 10756 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:00:19.0857 10756 ProtectedStorage - ok
13:00:19.0876 10756 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:00:19.0877 10756 Psched - ok
13:00:19.0925 10756 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:00:19.0954 10756 ql2300 - ok
13:00:20.0030 10756 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:00:20.0032 10756 ql40xx - ok
13:00:20.0055 10756 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:00:20.0057 10756 QWAVE - ok
13:00:20.0084 10756 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:00:20.0085 10756 QWAVEdrv - ok
13:00:20.0097 10756 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:00:20.0098 10756 RasAcd - ok
13:00:20.0112 10756 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:00:20.0114 10756 RasAgileVpn - ok
13:00:20.0133 10756 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:00:20.0135 10756 RasAuto - ok
13:00:20.0153 10756 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:00:20.0154 10756 Rasl2tp - ok
13:00:20.0169 10756 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:00:20.0172 10756 RasMan - ok
13:00:20.0187 10756 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:00:20.0187 10756 RasPppoe - ok
13:00:20.0201 10756 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:00:20.0202 10756 RasSstp - ok
13:00:20.0218 10756 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:00:20.0220 10756 rdbss - ok
13:00:20.0242 10756 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:00:20.0243 10756 rdpbus - ok
13:00:20.0258 10756 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:00:20.0258 10756 RDPCDD - ok
13:00:20.0280 10756 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:00:20.0281 10756 RDPENCDD - ok
13:00:20.0296 10756 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:00:20.0296 10756 RDPREFMP - ok
13:00:20.0329 10756 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:00:20.0331 10756 RDPWD - ok
13:00:20.0346 10756 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:00:20.0349 10756 rdyboost - ok
13:00:20.0378 10756 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:00:20.0380 10756 RemoteAccess - ok
13:00:20.0406 10756 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:00:20.0407 10756 RemoteRegistry - ok
13:00:20.0469 10756 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
13:00:20.0471 10756 RoxioNow Service - ok
13:00:20.0488 10756 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:00:20.0489 10756 RpcEptMapper - ok
13:00:20.0503 10756 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:00:20.0503 10756 RpcLocator - ok
13:00:20.0813 10756 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:00:20.0816 10756 RpcSs - ok
13:00:20.0870 10756 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:00:20.0871 10756 rspndr - ok
13:00:20.0903 10756 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:00:20.0907 10756 RTL8167 - ok
13:00:20.0930 10756 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:00:20.0931 10756 SamSs - ok
13:00:20.0994 10756 SamsungAllShareV2.0 (328100af2efd951eab657384ec361b6f) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
13:00:20.0994 10756 SamsungAllShareV2.0 - ok
13:00:21.0014 10756 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:00:21.0016 10756 sbp2port - ok
13:00:21.0049 10756 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:00:21.0051 10756 SCardSvr - ok
13:00:21.0067 10756 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:00:21.0068 10756 scfilter - ok
13:00:21.0106 10756 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:00:21.0115 10756 Schedule - ok
13:00:21.0131 10756 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
13:00:21.0132 10756 SCMNdisP - ok
13:00:21.0152 10756 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:00:21.0153 10756 SCPolicySvc - ok
13:00:21.0172 10756 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:00:21.0174 10756 SDRSVC - ok
13:00:21.0195 10756 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:00:21.0196 10756 secdrv - ok
13:00:21.0209 10756 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:00:21.0210 10756 seclogon - ok
13:00:21.0226 10756 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:00:21.0227 10756 SENS - ok
13:00:21.0245 10756 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:00:21.0246 10756 SensrSvc - ok
13:00:21.0280 10756 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\Windows\system32\DRIVERS\ser2pl64.sys
13:00:21.0282 10756 Ser2pl - ok
13:00:21.0315 10756 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:00:21.0316 10756 Serenum - ok
13:00:21.0332 10756 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:00:21.0334 10756 Serial - ok
13:00:21.0354 10756 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:00:21.0354 10756 sermouse - ok
13:00:21.0389 10756 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:00:21.0390 10756 SessionEnv - ok
13:00:21.0404 10756 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:00:21.0405 10756 sffdisk - ok
13:00:21.0415 10756 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:00:21.0416 10756 sffp_mmc - ok
13:00:21.0422 10756 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:00:21.0422 10756 sffp_sd - ok
13:00:21.0431 10756 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:00:21.0432 10756 sfloppy - ok
13:00:21.0454 10756 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:00:21.0457 10756 ShellHWDetection - ok
13:00:21.0523 10756 SimpleSlideShowServer (1980fe1f5a32067dad1d8776b63c2669) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
13:00:21.0524 10756 SimpleSlideShowServer - ok
13:00:21.0543 10756 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:00:21.0544 10756 SiSRaid2 - ok
13:00:21.0559 10756 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:00:21.0560 10756 SiSRaid4 - ok
13:00:21.0668 10756 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:00:21.0689 10756 Skype C2C Service - ok
13:00:21.0746 10756 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:00:21.0746 10756 SkypeUpdate - ok
13:00:21.0808 10756 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:00:21.0809 10756 Smb - ok
13:00:21.0837 10756 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:00:21.0838 10756 SNMPTRAP - ok
13:00:21.0851 10756 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:00:21.0851 10756 spldr - ok
13:00:21.0868 10756 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:00:21.0873 10756 Spooler - ok
13:00:21.0953 10756 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:00:22.0000 10756 sppsvc - ok
13:00:22.0054 10756 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:00:22.0056 10756 sppuinotify - ok
13:00:22.0149 10756 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
13:00:22.0158 10756 SRTSP - ok
13:00:22.0167 10756 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
13:00:22.0168 10756 SRTSPX - ok
13:00:22.0193 10756 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:00:22.0197 10756 srv - ok
13:00:22.0216 10756 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:00:22.0220 10756 srv2 - ok
13:00:22.0235 10756 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:00:22.0237 10756 srvnet - ok
13:00:22.0258 10756 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:00:22.0260 10756 SSDPSRV - ok
13:00:22.0267 10756 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:00:22.0268 10756 SstpSvc - ok
13:00:22.0283 10756 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:00:22.0285 10756 stexstor - ok
13:00:22.0326 10756 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:00:22.0332 10756 stisvc - ok
13:00:22.0353 10756 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:00:22.0353 10756 swenum - ok
13:00:22.0371 10756 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:00:22.0376 10756 swprv - ok
13:00:22.0441 10756 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
13:00:22.0446 10756 SymDS - ok
13:00:22.0487 10756 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
13:00:22.0495 10756 SymEFA - ok
13:00:22.0522 10756 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:00:22.0524 10756 SymEvent - ok
13:00:22.0540 10756 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
13:00:22.0542 10756 SymIRON - ok
13:00:22.0563 10756 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
13:00:22.0567 10756 SymNetS - ok
13:00:22.0628 10756 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:00:22.0655 10756 SysMain - ok
13:00:22.0710 10756 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:00:22.0712 10756 TabletInputService - ok
13:00:22.0725 10756 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:00:22.0728 10756 TapiSrv - ok
13:00:22.0736 10756 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:00:22.0737 10756 TBS - ok
13:00:22.0798 10756 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:00:22.0825 10756 Tcpip - ok
13:00:22.0931 10756 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:00:22.0940 10756 TCPIP6 - ok
13:00:23.0018 10756 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:00:23.0018 10756 tcpipreg - ok
13:00:23.0027 10756 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:00:23.0028 10756 TDPIPE - ok
13:00:23.0046 10756 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:00:23.0047 10756 TDTCP - ok
13:00:23.0059 10756 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:00:23.0059 10756 tdx - ok
13:00:23.0075 10756 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:00:23.0076 10756 TermDD - ok
13:00:23.0115 10756 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:00:23.0121 10756 TermService - ok
13:00:23.0139 10756 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:00:23.0140 10756 Themes - ok
13:00:23.0153 10756 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:00:23.0154 10756 THREADORDER - ok
13:00:23.0162 10756 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:00:23.0163 10756 TrkWks - ok
13:00:23.0195 10756 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:00:23.0196 10756 TrustedInstaller - ok
13:00:23.0208 10756 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:00:23.0208 10756 tssecsrv - ok
13:00:23.0234 10756 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:00:23.0234 10756 TsUsbFlt - ok
13:00:23.0258 10756 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:00:23.0259 10756 TsUsbGD - ok
13:00:23.0290 10756 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:00:23.0290 10756 tunnel - ok
13:00:23.0306 10756 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:00:23.0307 10756 uagp35 - ok
13:00:23.0325 10756 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:00:23.0328 10756 udfs - ok
13:00:23.0357 10756 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:00:23.0358 10756 UI0Detect - ok
13:00:23.0374 10756 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:00:23.0375 10756 uliagpkx - ok
13:00:23.0392 10756 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:00:23.0393 10756 umbus - ok
13:00:23.0416 10756 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:00:23.0416 10756 UmPass - ok
13:00:23.0434 10756 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:00:23.0437 10756 upnphost - ok
13:00:23.0475 10756 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\DRIVERS\usbaudio.sys
13:00:23.0477 10756 usbaudio - ok
13:00:23.0498 10756 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:00:23.0500 10756 usbccgp - ok
13:00:23.0518 10756 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:00:23.0519 10756 usbcir - ok
13:00:23.0531 10756 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:00:23.0532 10756 usbehci - ok
13:00:23.0538 10756 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
13:00:23.0539 10756 usbfilter - ok
13:00:23.0564 10756 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:00:23.0567 10756 usbhub - ok
13:00:23.0580 10756 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:00:23.0581 10756 usbohci - ok
13:00:23.0590 10756 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:00:23.0591 10756 usbprint - ok
13:00:23.0607 10756 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:00:23.0609 10756 USBSTOR - ok
13:00:23.0622 10756 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:00:23.0623 10756 usbuhci - ok
13:00:23.0640 10756 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:00:23.0642 10756 UxSms - ok
13:00:23.0668 10756 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:00:23.0670 10756 VaultSvc - ok
13:00:23.0691 10756 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:00:23.0692 10756 vdrvroot - ok
13:00:23.0713 10756 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:00:23.0718 10756 vds - ok
13:00:23.0746 10756 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:00:23.0747 10756 vga - ok
13:00:23.0757 10756 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:00:23.0758 10756 VgaSave - ok
13:00:23.0778 10756 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:00:23.0780 10756 vhdmp - ok
13:00:23.0805 10756 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:00:23.0806 10756 viaide - ok
13:00:23.0819 10756 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:00:23.0820 10756 volmgr - ok
13:00:23.0837 10756 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:00:23.0841 10756 volmgrx - ok
13:00:23.0856 10756 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:00:23.0859 10756 volsnap - ok
13:00:23.0881 10756 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:00:23.0883 10756 vsmraid - ok
13:00:23.0940 10756 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:00:23.0967 10756 VSS - ok
13:00:24.0045 10756 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:00:24.0045 10756 vwifibus - ok
13:00:24.0056 10756 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:00:24.0057 10756 vwififlt - ok
13:00:24.0069 10756 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:00:24.0069 10756 vwifimp - ok
13:00:24.0091 10756 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:00:24.0094 10756 W32Time - ok
13:00:24.0116 10756 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:00:24.0117 10756 WacomPen - ok
13:00:24.0150 10756 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:24.0151 10756 WANARP - ok
13:00:24.0154 10756 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:24.0155 10756 Wanarpv6 - ok
13:00:24.0216 10756 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:00:24.0240 10756 WatAdminSvc - ok
13:00:24.0293 10756 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:00:24.0313 10756 wbengine - ok
13:00:24.0382 10756 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:00:24.0385 10756 WbioSrvc - ok
13:00:24.0397 10756 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:00:24.0401 10756 wcncsvc - ok
13:00:24.0412 10756 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:00:24.0413 10756 WcsPlugInService - ok
13:00:24.0446 10756 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:00:24.0447 10756 Wd - ok
13:00:24.0481 10756 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:00:24.0486 10756 Wdf01000 - ok
13:00:24.0494 10756 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:00:24.0496 10756 WdiServiceHost - ok
13:00:24.0498 10756 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:00:24.0500 10756 WdiSystemHost - ok
13:00:24.0514 10756 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:00:24.0517 10756 WebClient - ok
13:00:24.0535 10756 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:00:24.0538 10756 Wecsvc - ok
13:00:24.0556 10756 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:00:24.0557 10756 wercplsupport - ok
13:00:24.0572 10756 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:00:24.0573 10756 WerSvc - ok
13:00:24.0616 10756 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:00:24.0616 10756 WfpLwf - ok
13:00:24.0628 10756 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:00:24.0629 10756 WIMMount - ok
13:00:24.0652 10756 WinDefend - ok
13:00:24.0660 10756 WinHttpAutoProxySvc - ok
13:00:24.0700 10756 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:00:24.0703 10756 Winmgmt - ok
13:00:24.0760 10756 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:00:24.0793 10756 WinRM - ok
13:00:24.0882 10756 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:00:24.0891 10756 Wlansvc - ok
13:00:24.0971 10756 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:00:24.0972 10756 wlcrasvc - ok
13:00:25.0040 10756 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:00:25.0050 10756 wlidsvc - ok
13:00:25.0121 10756 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:00:25.0121 10756 WmiAcpi - ok
13:00:25.0160 10756 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:00:25.0162 10756 wmiApSrv - ok
13:00:25.0189 10756 WMPNetworkSvc - ok
13:00:25.0206 10756 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:00:25.0208 10756 WPCSvc - ok
13:00:25.0226 10756 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:00:25.0227 10756 WPDBusEnum - ok
13:00:25.0254 10756 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:00:25.0254 10756 ws2ifsl - ok
13:00:25.0283 10756 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:00:25.0285 10756 wscsvc - ok
13:00:25.0287 10756 WSearch - ok
13:00:25.0314 10756 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
13:00:25.0315 10756 WSWNA3100 - ok
13:00:25.0376 10756 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:00:25.0408 10756 wuauserv - ok
13:00:25.0486 10756 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:00:25.0487 10756 WudfPf - ok
13:00:25.0506 10756 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:00:25.0508 10756 WUDFRd - ok
13:00:25.0525 10756 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:00:25.0527 10756 wudfsvc - ok
13:00:25.0544 10756 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:00:25.0547 10756 WwanSvc - ok
13:00:25.0581 10756 MBR (0x1B8) (0dae970f10554d1bafc1dc103d707182) \Device\Harddisk0\DR0
13:00:25.0725 10756 \Device\Harddisk0\DR0 - ok
13:00:25.0727 10756 Boot (0x1200) (cbd7ff01756e9b86e30866b9787cbae5) \Device\Harddisk0\DR0\Partition0
13:00:25.0729 10756 \Device\Harddisk0\DR0\Partition0 - ok
13:00:25.0743 10756 Boot (0x1200) (615c998af39914b9c67b660df2b078cc) \Device\Harddisk0\DR0\Partition1
13:00:25.0744 10756 \Device\Harddisk0\DR0\Partition1 - ok
13:00:25.0773 10756 Boot (0x1200) (ec01c9cb0417ca1eb64d638cd91b482f) \Device\Harddisk0\DR0\Partition2
13:00:25.0777 10756 \Device\Harddisk0\DR0\Partition2 - ok
13:00:25.0778 10756 ============================================================
13:00:25.0778 10756 Scan finished
13:00:25.0778 10756 ============================================================
13:00:25.0786 7376 Detected object count: 0
13:00:25.0786 7376 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 13:03:55
-----------------------------
13:03:55.594 OS Version: Windows x64 6.1.7601 Service Pack 1
13:03:55.594 Number of processors: 2 586 0x603
13:03:55.595 ComputerName: FRANK-HP UserName: Frank
13:03:58.329 Initialize success
13:07:10.074 AVAST engine defs: 12061000
13:07:23.616 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
13:07:23.618 Disk 0 Vendor: ST350041 HP63 Size: 476940MB BusType: 11
13:07:23.626 Disk 0 MBR read successfully
13:07:23.628 Disk 0 MBR scan
13:07:23.633 Disk 0 unknown MBR code
13:07:23.642 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:07:23.655 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465634 MB offset 206848
13:07:23.684 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11204 MB offset 953825280
13:07:23.734 Disk 0 scanning C:\Windows\system32\drivers
13:07:32.572 Service scanning
13:07:52.977 Modules scanning
13:07:52.983 Disk 0 trace - called modules:
13:07:53.019 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
13:07:53.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006dbf060]
13:07:53.027 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006db1040]
13:07:53.032 5 amd_xata.sys[fffff88000e948b4] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8006dad060]
13:07:55.724 AVAST engine scan C:\Windows
13:07:57.409 AVAST engine scan C:\Windows\system32
13:09:23.188 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:09:24.800 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

13:10:50.843 AVAST engine scan C:\Windows\system32\drivers
13:11:09.398 AVAST engine scan C:\Users\Frank
13:13:44.424 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Documents\MBR.dat"
13:13:44.425 The log file has been saved successfully to "C:\Users\Frank\Documents\aswMBR6.10.2012.txt"
13:14:19.150 AVAST engine scan C:\ProgramData
13:14:57.690 Scan finished successfully
13:15:08.749 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Documents\MBR.dat"
13:15:08.755 The log file has been saved successfully to "C:\Users\Frank\Documents\aswMBR6.10.2012.txt"


MiniToolBox by Farbar Version: 09-06-2012

Ran by Frank (administrator) on 10-06-2012 at 13:18:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NETGEAR WNA3100 N300 Wireless USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Frank-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C4-3D-C7-BE-8B-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WNA3100 N300 Wireless USB Adapter
Physical Address. . . . . . . . . : C4-3D-C7-BE-8B-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3148:4dd8:430d:583f%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.16(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 10, 2012 10:49:59 AM
Lease Expires . . . . . . . . . . : Monday, June 11, 2012 12:49:07 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 348405191
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-1C-1F-39-2C-41-38-AB-B0-D2
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 2C-41-38-AB-B0-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5D1F8CED-5999-422E-905C-F72798AEAAE2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5E55695B-2AAC-42F1-BFE8-112AE795AE20}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D0E5B6A3-B0B6-4E3B-8502-87FBC460074D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.231] with 32 bytes of data:
Reply from 74.125.226.231: bytes=32 time=16ms TTL=55
Reply from 74.125.226.231: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.226.231:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 16ms, Average = 14ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=45ms TTL=52
Reply from 98.139.183.24: bytes=32 time=41ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 45ms, Average = 43ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...c4 3d c7 be 8b 0a ......Microsoft Virtual WiFi Miniport Adapter
14...c4 3d c7 be 8b 0a ......NETGEAR WNA3100 N300 Wireless USB Adapter
13...2c 41 38 ab b0 d2 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.16 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.16 281
192.168.1.16 255.255.255.255 On-link 192.168.1.16 281
192.168.1.255 255.255.255.255 On-link 192.168.1.16 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.16 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.16 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 281 fe80::/64 On-link
14 281 fe80::3148:4dd8:430d:583f/128
On-link
1 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/10/2012 11:04:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/10/2012 11:04:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/10/2012 10:50:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 09:17:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 03:29:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: mshtml.dll, version: 8.0.7601.17785, time stamp: 0x4f4c658a
Exception code: 0xc00000fd
Fault offset: 0x000b8d3b
Faulting process id: 0x2b4c
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (06/10/2012 03:27:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x2c4c
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (06/10/2012 00:49:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 09:29:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 08:49:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 08:49:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/10/2012 11:47:04 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/10/2012 11:47:04 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/10/2012 11:18:19 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/10/2012 11:18:19 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/10/2012 10:51:54 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (06/10/2012 10:51:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Skype C2C Service service.

Error: (06/10/2012 10:50:57 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/10/2012 10:50:57 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/10/2012 10:49:44 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (06/10/2012 10:49:42 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (06/10/2012 11:04:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_enu(1).exe

Error: (06/10/2012 11:04:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_enu(1).exe

Error: (06/10/2012 10:50:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 09:17:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2012 03:29:32 AM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964mshtml.dll8.0.7601.177854f4c658ac00000fd000b8d3b2b4c01cd46d9fc772bb2C:\Windows\SysWOW64\ping.exeC:\Windows\SysWOW64\mshtml.dll04c2785a-b2ce-11e1-a6eb-2c4138abb0d2

Error: (06/10/2012 03:27:55 AM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c32c4c01cd46da8c9bbf6bC:\Windows\SysWOW64\ping.exeC:\Windows\SysWOW64\ntdll.dllcb7b5bce-b2cd-11e1-a6eb-2c4138abb0d2

Error: (06/10/2012 00:49:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 09:29:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2012 08:49:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_enu.exe

Error: (06/09/2012 08:49:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_enu(1).exe


=========================== Installed Programs ============================

7-Zip 9.20
A-Men Technologies USB-to-Serial
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Any Video Converter 3.3.2
ATI Catalyst Install Manager (Version: 3.0.774.0)
AVI Player
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6699)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)
Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)
Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)
ccc-core-static (Version: 2010.0511.2153.37435)
ccc-utility64 (Version: 2010.0511.2153.37435)
CCC Help Chinese Standard (Version: 2010.0511.2152.37435)
CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)
CCC Help Czech (Version: 2010.0511.2152.37435)
CCC Help Danish (Version: 2010.0511.2152.37435)
CCC Help Dutch (Version: 2010.0511.2152.37435)
CCC Help English (Version: 2010.0511.2152.37435)
CCC Help Finnish (Version: 2010.0511.2152.37435)
CCC Help French (Version: 2010.0511.2152.37435)
CCC Help German (Version: 2010.0511.2152.37435)
CCC Help Greek (Version: 2010.0511.2152.37435)
CCC Help Hungarian (Version: 2010.0511.2152.37435)
CCC Help Italian (Version: 2010.0511.2152.37435)
CCC Help Japanese (Version: 2010.0511.2152.37435)
CCC Help Korean (Version: 2010.0511.2152.37435)
CCC Help Norwegian (Version: 2010.0511.2152.37435)
CCC Help Polish (Version: 2010.0511.2152.37435)
CCC Help Portuguese (Version: 2010.0511.2152.37435)
CCC Help Russian (Version: 2010.0511.2152.37435)
CCC Help Spanish (Version: 2010.0511.2152.37435)
CCC Help Swedish (Version: 2010.0511.2152.37435)
CCC Help Thai (Version: 2010.0511.2152.37435)
CCC Help Turkish (Version: 2010.0511.2152.37435)
Chuzzle Deluxe (Version: 2.2.0.95)
Compaq Setup Manager (Version: 1.1.13253.3682)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
ESET Online Scanner v3
Farm Frenzy (Version: 2.2.0.95)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.2.4)
HP MovieStore (Version: 1.0.045)
HP MovieStore (Version: 2.0)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.6.4530.3651)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.5.0.0)
Huge Pine USB to UART Driver (Version: 1.90)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 1.6)
LabelPrint (Version: 2.5.3609)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaFACE 5.0 (Version: 5.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
Norton Internet Security (Version: 18.7.1.3)
Norton Online Backup (Version: 2.1.17869)
PDF Complete Special Edition (Version: 4.0.35)
Penguins! (Version: 2.2.0.95)
Philips VLounge
Photo-Brush 5.30 (Version: Photo-Brush 5.30)
PL-2303 USB-to-Serial (Version: 1.2.10)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4817)
PressReader (Version: 5.10.1217.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6251)
Recovery Manager (Version: 5.5.3621)
RoboForm 7-7-4 (All Users) (Version: 7-7-4)
RoxioNow Player (Version: 1.9.5.103)
Samsung AllShare (Version: 2.1.0.12031_10)
Skype Click to Call (Version: 6.0.10201)
Skype™ 5.9 (Version: 5.9.123)
Slingo Supreme (Version: 2.2.0.95)
Sophos Virus Removal Tool (Version: 2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 1.1.11 (Version: 1.1.11)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zinio Reader 4 (Version: 4.0.3184)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 7935.29 MB
Available physical RAM: 5646.53 MB
Total Pagefile: 15868.76 MB
Available Pagefile: 13546.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.7 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:454.72 GB) (Free:377.59 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.94 GB) (Free:1.34 GB) NTFS

========================= Users: ========================================

User accounts for \\FRANK-HP

Administrator Frank Guest


**** End of log ****

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:48 PM

Posted 10 June 2012 - 12:33 PM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:48 PM

Posted 10 June 2012 - 12:48 PM

Advanced tools? That sounds scary
I'll read the article, then post in the new forum
thanks,
-frank

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:48 PM

Posted 10 June 2012 - 01:02 PM

You're welcome :)



