
Browser redirects and adverts in the bottom right hand corner


  • This topic is locked
4 replies to this topic

#1 MDenn1986

  • Members
  • 5 posts

Posted 14 July 2012 - 06:27 AM

Hi

I've seen this problem posted a few times before, but it seems that every case is slightly different, so any help would be greatly appreciated. I keep getting redirected to sites I have no intention of going to. Alongside this, I am getting a lot of ads popping up in the bottom right hand side of my browser. Both problems, as I'm sure a lot of people know, are extremely annoying.

So far I've run both MalwareBytes and Spybot, but neither seems to solve the problem. My operating system is Windows 7 Home Premium Version 6.1 (Build 7600) and I'm using Firefox 13.0.1.

Thank you


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 14 July 2012 - 01:09 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 MDenn1986

  • Topic Starter
  • Members
  • 5 posts

Posted 17 July 2012 - 10:29 AM

Thank you for your reply, here are my log results:

17:29:49.0967 2604 NetTcpPortSharing - ok
17:29:50.0315 2604 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:29:50.0491 2604 netw5v64 - ok
17:29:50.0647 2604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:29:50.0651 2604 nfrd960 - ok
17:29:50.0791 2604 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
17:29:50.0797 2604 NIS - ok
17:29:50.0868 2604 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:29:50.0886 2604 NlaSvc - ok
17:29:51.0136 2604 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:29:51.0225 2604 NOBU - ok
17:29:51.0365 2604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:29:51.0371 2604 Npfs - ok
17:29:51.0396 2604 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:29:51.0398 2604 nsi - ok
17:29:51.0418 2604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:29:51.0418 2604 nsiproxy - ok
17:29:51.0549 2604 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:29:51.0616 2604 Ntfs - ok
17:29:51.0758 2604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:29:51.0760 2604 Null - ok
17:29:51.0815 2604 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:29:51.0819 2604 nvraid - ok
17:29:51.0850 2604 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:29:51.0855 2604 nvstor - ok
17:29:51.0904 2604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:29:51.0908 2604 nv_agp - ok
17:29:51.0942 2604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:29:51.0949 2604 ohci1394 - ok
17:29:52.0050 2604 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:29:52.0063 2604 ose - ok
17:29:52.0404 2604 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:29:52.0522 2604 osppsvc - ok
17:29:52.0653 2604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:29:52.0673 2604 p2pimsvc - ok
17:29:52.0724 2604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:29:52.0749 2604 p2psvc - ok
17:29:52.0898 2604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:29:52.0912 2604 Parport - ok
17:29:53.0139 2604 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
17:29:53.0155 2604 partmgr - ok
17:29:53.0364 2604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:29:53.0377 2604 PcaSvc - ok
17:29:53.0573 2604 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:29:53.0577 2604 pci - ok
17:29:53.0640 2604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:29:53.0687 2604 pciide - ok
17:29:53.0775 2604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:53.0790 2604 pcmcia - ok
17:29:53.0813 2604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:29:53.0815 2604 pcw - ok
17:29:54.0292 2604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:29:54.0329 2604 PEAUTH - ok
17:29:54.0422 2604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:29:54.0424 2604 PerfHost - ok
17:29:54.0547 2604 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:29:54.0591 2604 pla - ok
17:29:54.0674 2604 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:29:54.0689 2604 PlugPlay - ok
17:29:54.0706 2604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:29:54.0709 2604 PNRPAutoReg - ok
17:29:54.0754 2604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:29:54.0758 2604 PNRPsvc - ok
17:29:54.0816 2604 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:29:54.0836 2604 PolicyAgent - ok
17:29:54.0885 2604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:29:54.0889 2604 Power - ok
17:29:54.0955 2604 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:54.0957 2604 PptpMiniport - ok
17:29:54.0992 2604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:29:54.0995 2604 Processor - ok
17:29:55.0043 2604 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:29:55.0047 2604 ProfSvc - ok
17:29:55.0093 2604 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:29:55.0094 2604 ProtectedStorage - ok
17:29:55.0126 2604 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:29:55.0129 2604 Psched - ok
17:29:55.0245 2604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:29:55.0316 2604 ql2300 - ok
17:29:55.0502 2604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:55.0506 2604 ql40xx - ok
17:29:55.0547 2604 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:29:55.0554 2604 QWAVE - ok
17:29:55.0574 2604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:29:55.0576 2604 QWAVEdrv - ok
17:29:55.0601 2604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:29:55.0603 2604 RasAcd - ok
17:29:55.0635 2604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:55.0637 2604 RasAgileVpn - ok
17:29:55.0657 2604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:29:55.0661 2604 RasAuto - ok
17:29:55.0694 2604 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:55.0697 2604 Rasl2tp - ok
17:29:55.0737 2604 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:29:55.0755 2604 RasMan - ok
17:29:55.0788 2604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:55.0791 2604 RasPppoe - ok
17:29:55.0822 2604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:29:55.0825 2604 RasSstp - ok
17:29:55.0855 2604 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:29:55.0911 2604 rdbss - ok
17:29:56.0132 2604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:56.0139 2604 rdpbus - ok
17:29:56.0172 2604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:56.0174 2604 RDPCDD - ok
17:29:56.0206 2604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:29:56.0208 2604 RDPENCDD - ok
17:29:56.0232 2604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:56.0233 2604 RDPREFMP - ok
17:29:56.0298 2604 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:29:56.0302 2604 RDPWD - ok
17:29:56.0775 2604 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:29:56.0794 2604 rdyboost - ok
17:29:57.0020 2604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:29:57.0025 2604 RemoteAccess - ok
17:29:57.0559 2604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:29:57.0584 2604 RemoteRegistry - ok
17:29:57.0768 2604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:29:57.0772 2604 RpcEptMapper - ok
17:29:57.0859 2604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:29:57.0862 2604 RpcLocator - ok
17:29:59.0502 2604 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:29:59.0515 2604 RpcSs - ok
17:29:59.0593 2604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:29:59.0600 2604 rspndr - ok
17:29:59.0756 2604 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:29:59.0782 2604 RTL8167 - ok
17:29:59.0962 2604 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
17:29:59.0983 2604 RtVOsdService - ok
17:30:00.0099 2604 SABProcEnum (5f22132c9153639762708909f156b33d) C:\Windows\system32\lanmanserver.dll
17:30:00.0101 2604 SABProcEnum ( Backdoor.Multi.ZAccess.gen ) - infected
17:30:00.0101 2604 SABProcEnum - detected Backdoor.Multi.ZAccess.gen (0)
17:30:00.0161 2604 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:30:00.0162 2604 SamSs - ok
17:30:00.0241 2604 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:30:00.0263 2604 sbp2port - ok
17:30:00.0755 2604 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:30:00.0788 2604 SBSDWSCService - ok
17:30:00.0882 2604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:30:00.0900 2604 SCardSvr - ok
17:30:01.0016 2604 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:30:01.0018 2604 scfilter - ok
17:30:01.0360 2604 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:30:01.0407 2604 Schedule - ok
17:30:01.0463 2604 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:30:01.0464 2604 SCPolicySvc - ok
17:30:01.0566 2604 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
17:30:01.0578 2604 sdbus - ok
17:30:01.0677 2604 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:30:01.0692 2604 SDRSVC - ok
17:30:01.0799 2604 SeaPort - ok
17:30:01.0861 2604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:30:01.0863 2604 secdrv - ok
17:30:01.0899 2604 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:30:01.0902 2604 seclogon - ok
17:30:01.0951 2604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:30:01.0953 2604 SENS - ok
17:30:02.0008 2604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:30:02.0012 2604 SensrSvc - ok
17:30:02.0058 2604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:30:02.0061 2604 Serenum - ok
17:30:02.0126 2604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:30:02.0136 2604 Serial - ok
17:30:02.0173 2604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:30:02.0176 2604 sermouse - ok
17:30:02.0245 2604 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:30:02.0256 2604 SessionEnv - ok
17:30:02.0301 2604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:02.0304 2604 sffdisk - ok
17:30:02.0350 2604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:02.0352 2604 sffp_mmc - ok
17:30:02.0390 2604 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:02.0392 2604 sffp_sd - ok
17:30:02.0430 2604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:02.0432 2604 sfloppy - ok
17:30:02.0714 2604 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:30:02.0745 2604 Sftfs - ok
17:30:02.0985 2604 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:30:03.0013 2604 sftlist - ok
17:30:03.0128 2604 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:30:03.0142 2604 Sftplay - ok
17:30:03.0184 2604 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:30:03.0187 2604 Sftredir - ok
17:30:03.0228 2604 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:30:03.0230 2604 Sftvol - ok
17:30:03.0309 2604 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:30:03.0321 2604 sftvsa - ok
17:30:03.0504 2604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:30:03.0522 2604 SharedAccess - ok
17:30:03.0655 2604 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:30:03.0667 2604 ShellHWDetection - ok
17:30:03.0706 2604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:03.0710 2604 SiSRaid2 - ok
17:30:03.0773 2604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:03.0786 2604 SiSRaid4 - ok
17:30:03.0858 2604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:30:03.0868 2604 Smb - ok
17:30:03.0938 2604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:30:03.0943 2604 SNMPTRAP - ok
17:30:03.0969 2604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:30:03.0972 2604 spldr - ok
17:30:04.0152 2604 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:30:04.0174 2604 Spooler - ok
17:30:05.0306 2604 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:30:05.0406 2604 sppsvc - ok
17:30:05.0543 2604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:30:05.0546 2604 sppuinotify - ok
17:30:05.0684 2604 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
17:30:05.0746 2604 SRTSP - ok
17:30:05.0764 2604 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
17:30:05.0766 2604 SRTSPX - ok
17:30:05.0819 2604 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:30:05.0834 2604 srv - ok
17:30:05.0870 2604 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:30:05.0879 2604 srv2 - ok
17:30:05.0936 2604 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:30:05.0955 2604 SrvHsfHDA - ok
17:30:06.0063 2604 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:30:06.0107 2604 SrvHsfV92 - ok
17:30:06.0306 2604 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:30:06.0334 2604 SrvHsfWinac - ok
17:30:06.0384 2604 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:06.0387 2604 srvnet - ok
17:30:06.0441 2604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:30:06.0446 2604 SSDPSRV - ok
17:30:06.0468 2604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:30:06.0470 2604 SstpSvc - ok
17:30:06.0561 2604 Steam Client Service - ok
17:30:06.0612 2604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:30:06.0616 2604 stexstor - ok
17:30:06.0695 2604 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:30:06.0720 2604 stisvc - ok
17:30:06.0758 2604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:30:06.0760 2604 swenum - ok
17:30:06.0818 2604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:30:06.0842 2604 swprv - ok
17:30:06.0958 2604 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
17:30:07.0009 2604 SymDS - ok
17:30:07.0086 2604 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
17:30:07.0170 2604 SymEFA - ok
17:30:07.0212 2604 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:30:07.0216 2604 SymEvent - ok
17:30:07.0243 2604 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
17:30:07.0246 2604 SymIRON - ok
17:30:07.0294 2604 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
17:30:07.0309 2604 SymNetS - ok
17:30:07.0433 2604 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
17:30:07.0472 2604 SynTP - ok
17:30:07.0675 2604 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:30:07.0727 2604 SysMain - ok
17:30:07.0796 2604 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:30:07.0802 2604 TabletInputService - ok
17:30:07.0837 2604 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:30:07.0854 2604 TapiSrv - ok
17:30:07.0874 2604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:30:07.0878 2604 TBS - ok
17:30:08.0057 2604 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:30:08.0113 2604 Tcpip - ok
17:30:08.0340 2604 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:08.0353 2604 TCPIP6 - ok
17:30:08.0446 2604 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:30:08.0449 2604 tcpipreg - ok
17:30:08.0515 2604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:30:08.0517 2604 TDPIPE - ok
17:30:08.0567 2604 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:30:08.0570 2604 TDTCP - ok
17:30:08.0618 2604 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:30:08.0620 2604 tdx - ok
17:30:08.0639 2604 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:30:08.0642 2604 TermDD - ok
17:30:08.0723 2604 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:30:08.0787 2604 TermService - ok
17:30:08.0830 2604 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:30:08.0834 2604 Themes - ok
17:30:08.0869 2604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:30:08.0871 2604 THREADORDER - ok
17:30:08.0899 2604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:30:08.0902 2604 TrkWks - ok
17:30:08.0964 2604 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:30:08.0969 2604 TrustedInstaller - ok
17:30:09.0006 2604 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:09.0008 2604 tssecsrv - ok
17:30:09.0057 2604 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:09.0060 2604 tunnel - ok
17:30:09.0107 2604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:30:09.0109 2604 uagp35 - ok
17:30:09.0161 2604 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
17:30:09.0179 2604 udfs - ok
17:30:09.0224 2604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:30:09.0229 2604 UI0Detect - ok
17:30:09.0269 2604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:09.0272 2604 uliagpkx - ok
17:30:09.0327 2604 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:30:09.0329 2604 umbus - ok
17:30:09.0374 2604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:30:09.0376 2604 UmPass - ok
17:30:09.0433 2604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:30:09.0454 2604 upnphost - ok
17:30:09.0508 2604 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
17:30:09.0510 2604 USBAAPL64 - ok
17:30:09.0547 2604 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:09.0549 2604 usbccgp - ok
17:30:09.0590 2604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:30:09.0594 2604 usbcir - ok
17:30:09.0617 2604 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
17:30:09.0619 2604 usbehci - ok
17:30:09.0692 2604 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
17:30:09.0694 2604 usbfilter - ok
17:30:09.0753 2604 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:09.0774 2604 usbhub - ok
17:30:09.0808 2604 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
17:30:09.0810 2604 usbohci - ok
17:30:09.0862 2604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:09.0864 2604 usbprint - ok
17:30:09.0909 2604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:30:09.0912 2604 usbscan - ok
17:30:09.0949 2604 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:09.0953 2604 USBSTOR - ok
17:30:09.0993 2604 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:30:09.0995 2604 usbuhci - ok
17:30:10.0076 2604 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:30:10.0095 2604 usbvideo - ok
17:30:10.0127 2604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:30:10.0131 2604 UxSms - ok
17:30:10.0180 2604 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:30:10.0181 2604 VaultSvc - ok
17:30:10.0320 2604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:10.0358 2604 vdrvroot - ok
17:30:10.0581 2604 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:30:10.0610 2604 vds - ok
17:30:10.0666 2604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:10.0669 2604 vga - ok
17:30:10.0693 2604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:30:10.0695 2604 VgaSave - ok
17:30:10.0743 2604 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:10.0747 2604 vhdmp - ok
17:30:10.0765 2604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:30:10.0768 2604 viaide - ok
17:30:10.0798 2604 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:30:10.0802 2604 volmgr - ok
17:30:10.0849 2604 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:30:10.0867 2604 volmgrx - ok
17:30:10.0906 2604 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:30:10.0923 2604 volsnap - ok
17:30:10.0955 2604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:10.0959 2604 vsmraid - ok
17:30:11.0081 2604 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:30:11.0139 2604 VSS - ok
17:30:11.0344 2604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:30:11.0347 2604 vwifibus - ok
17:30:11.0414 2604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:30:11.0416 2604 vwififlt - ok
17:30:11.0445 2604 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:30:11.0447 2604 vwifimp - ok
17:30:11.0511 2604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:30:11.0529 2604 W32Time - ok
17:30:11.0573 2604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:30:11.0576 2604 WacomPen - ok
17:30:11.0638 2604 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:11.0643 2604 WANARP - ok
17:30:11.0657 2604 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:11.0658 2604 Wanarpv6 - ok
17:30:11.0835 2604 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:30:11.0864 2604 WatAdminSvc - ok
17:30:11.0978 2604 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:30:12.0017 2604 wbengine - ok
17:30:12.0135 2604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:30:12.0146 2604 WbioSrvc - ok
17:30:12.0204 2604 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:30:12.0224 2604 wcncsvc - ok
17:30:12.0256 2604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:30:12.0260 2604 WcsPlugInService - ok
17:30:12.0314 2604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:30:12.0316 2604 Wd - ok
17:30:12.0389 2604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:30:12.0418 2604 Wdf01000 - ok
17:30:12.0440 2604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:30:12.0442 2604 WdiServiceHost - ok
17:30:12.0454 2604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:30:12.0456 2604 WdiSystemHost - ok
17:30:12.0507 2604 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:30:12.0526 2604 WebClient - ok
17:30:12.0655 2604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:30:12.0675 2604 Wecsvc - ok
17:30:12.0702 2604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:30:12.0706 2604 wercplsupport - ok
17:30:12.0738 2604 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:30:12.0742 2604 WerSvc - ok
17:30:12.0800 2604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:12.0802 2604 WfpLwf - ok
17:30:12.0823 2604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:30:12.0825 2604 WIMMount - ok
17:30:12.0840 2604 WinHttpAutoProxySvc - ok
17:30:12.0911 2604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:30:12.0920 2604 Winmgmt - ok
17:30:13.0058 2604 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:30:13.0135 2604 WinRM - ok
17:30:13.0354 2604 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:13.0358 2604 WinUsb - ok
17:30:13.0441 2604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:30:13.0508 2604 Wlansvc - ok
17:30:13.0728 2604 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:30:13.0848 2604 wlidsvc - ok
17:30:14.0056 2604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:14.0063 2604 WmiAcpi - ok
17:30:14.0157 2604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:30:14.0168 2604 wmiApSrv - ok
17:30:14.0229 2604 WMPNetworkSvc - ok
17:30:14.0262 2604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:30:14.0265 2604 WPCSvc - ok
17:30:14.0302 2604 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:30:14.0304 2604 WPDBusEnum - ok
17:30:14.0353 2604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:14.0355 2604 ws2ifsl - ok
17:30:14.0368 2604 WSearch - ok
17:30:14.0601 2604 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:30:14.0673 2604 wuauserv - ok
17:30:14.0795 2604 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:30:14.0798 2604 WudfPf - ok
17:30:14.0835 2604 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:14.0839 2604 WUDFRd - ok
17:30:14.0878 2604 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:30:14.0880 2604 wudfsvc - ok
17:30:14.0919 2604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:30:14.0930 2604 WwanSvc - ok
17:30:14.0993 2604 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:30:15.0007 2604 yukonw7 - ok
17:30:15.0062 2604 MBR (0x1B8) (021411a602843a1d9ce2e082714ef944) \Device\Harddisk0\DR0
17:30:15.0744 2604 \Device\Harddisk0\DR0 - ok
17:30:15.0753 2604 Boot (0x1200) (bf3d8215e1a5d8a0c3fca986d21c5ba1) \Device\Harddisk0\DR0\Partition0
17:30:15.0757 2604 \Device\Harddisk0\DR0\Partition0 - ok
17:30:15.0827 2604 Boot (0x1200) (5148a4889955ee422931fdc94d3478c3) \Device\Harddisk0\DR0\Partition1
17:30:15.0830 2604 \Device\Harddisk0\DR0\Partition1 - ok
17:30:15.0874 2604 Boot (0x1200) (2af9348f07ad8e6d9e80adf80919b0b3) \Device\Harddisk0\DR0\Partition2
17:30:15.0877 2604 \Device\Harddisk0\DR0\Partition2 - ok
17:30:15.0900 2604 Boot (0x1200) (9cab5f6d786fa308ef2d4e62f28f6921) \Device\Harddisk0\DR0\Partition3
17:30:15.0901 2604 \Device\Harddisk0\DR0\Partition3 - ok
17:30:15.0904 2604 ============================================================
17:30:15.0905 2604 Scan finished
17:30:15.0905 2604 ============================================================
17:30:15.0925 0272 Detected object count: 1
17:30:15.0925 0272 Actual detected object count: 1

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 13:07:49
-----------------------------
13:07:49.360 OS Version: Windows x64 6.1.7600
13:07:49.360 Number of processors: 1 586 0x603
13:07:49.361 ComputerName: NICKY-HP UserName: Nicky
13:08:31.950 Initialize success
13:08:48.304 AVAST engine defs: 12071600
13:09:15.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
13:09:15.369 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
13:09:15.387 Disk 0 MBR read successfully
13:09:15.389 Disk 0 MBR scan
13:09:15.437 Disk 0 unknown MBR code
13:09:15.476 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:09:15.490 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288151 MB offset 409600
13:09:15.524 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16790 MB offset 590542848
13:09:15.585 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
13:09:15.635 Disk 0 scanning C:\Windows\system32\drivers
13:09:39.088 Service scanning
13:10:49.667 Service SABProcEnum C:\Windows\system32\lanmanserver.dll **INFECTED** Win64:ZAccess-E [Rtk]
13:11:35.488 Modules scanning
13:11:36.192 Disk 0 trace - called modules:
13:11:36.210 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
13:11:36.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031b2060]
13:11:36.225 3 CLASSPNP.SYS[fffff88001b4743f] -> nt!IofCallDriver -> [0xfffffa8003158040]
13:11:36.231 5 amdxata.sys[fffff880010987a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80030411c0]
13:12:09.357 AVAST engine scan C:\Windows
13:12:47.658 AVAST engine scan C:\Windows\system32
13:13:13.571 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
13:14:23.270 File: C:\Windows\system32\lanmanserver.dll **INFECTED** Win64:ZAccess-E [Rtk]
13:17:57.388 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
13:18:03.453 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
13:22:22.407 AVAST engine scan C:\Windows\system32\drivers
13:23:10.188 AVAST engine scan C:\Users\Nicky
13:43:59.774 AVAST engine scan C:\ProgramData
13:56:31.563 Scan finished successfully
14:50:04.418 Disk 0 MBR has been saved successfully to "C:\Users\Nicky\Desktop\MBR.dat"
14:50:04.426 The log file has been saved successfully to "C:\Users\Nicky\Desktop\aswMBR.txt"



C:\SwSetup\Drivers\Network\WIN7\32\RTNUninst32.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\mfc80u.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\msvcp80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\msvcr80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\ATILog.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\ATIManifestDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\CompressionDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\ControlCenterActions.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\CRCVerDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\DetectionManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\DLMCom.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\EncryptionDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\InstallManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\InstallManagerApp.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\LanguageMgr.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\mfc80u.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\msvcp80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\msvcr80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\PackageManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Bin\xerces-c_2_6.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Drivers\Video\Packages\Drivers\Display\W7_INF\B101482\coinst.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\LSSS\LsDriveDetect\LSDriveDetect.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\LSSS\LsDriveDetect\msvcm80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\LSSS\LsDriveDetect\msvcp80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\LSSS\LsDriveDetect\msvcr80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\PowerDVD\VerCheck.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\SwSetup\Youcam\vcredist_x86.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\otqe.exe a variant of Win32/Kryptik.ZFO trojan cleaned by deleting - quarantined
C:\Users\Nicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZIBHSFK\indqiobtcwdl[1].pdf JS/Exploit.Pdfka.PGF.Gen trojan cleaned by deleting - quarantined
C:\Users\Nicky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\51f640c-1d04f2b8 Java/Exploit.CVE-2012-0507.F trojan deleted - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\system64\lanmanserver.dll Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\system64\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan


Hopefully everything you need is here. If you can help me out, I would really appreciate it.

Thank you

#4 narenxp

Posted 17 July 2012 - 10:37 AM

You're infected with Ramnit and the ZeroAccess rootkit.

From your log, the Ramnit infection has infected only your C:\SwSetup folder



I would suggest you delete the folder C:\SwSetup before it spreads to the whole system. Do not back up any EXE, DLL or HTML files from your PC until you are clean.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 Orange Blossom

Posted 20 July 2012 - 10:34 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic461114.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom